CISA KEV Alert 4/13/2026, 9:21:32 PM

CISA warns of active exploit in old VBA flaw CVE-2012-1854

Source: marked as original reporting
Primary source: cisa.gov
CISA KEV: listed in KEV
Patch status: unknown

CISA has added CVE-2012-1854 to its Known Exploited Vulnerabilities (KEV) catalogue. The entry affects Microsoft's Visual Basic for Applications (VBA) and is titled "Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability"; the flaw could allow remote code execution.

The vulnerability is an insecure library loading flaw in VBA that may permit an attacker to execute arbitrary code on an affected system. It carries a CVSS v3.1 score of 7.8, rated HIGH. According to the supplementary data, the patch status is currently unknown, and no advisory URL is provided.

Active exploitation has been confirmed, which is the basis for the KEV designation. There is no publicly known use of this flaw in ransomware campaigns. Federal civilian executive branch (FCEB) agencies must apply mitigations by the remediation due date of 2026-04-27.

CISA's required action is: "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." While this directive binds FCEB agencies, all organisations should review their exposure to VBA and consider applying any available mitigations or restricting use until a fix is confirmed.

For full details, refer to the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2012-1854 and the CISA KEV catalogue.


Article by CyberSIXT