What is the CVSS score of CVE-2025-32717?

CVE-2025-32717 has a CVSS 3.1 base score of 8.4 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of Windows are affected by CVE-2025-32717?

A critical heap-based buffer overflow vulnerability in Microsoft Office Word (CVE-2025-32717) allows attackers to execute arbitrary code on affected systems through local exploitation.

How to fix or mitigate CVE-2025-32717?

Within 24 hours: Inventory all systems running affected Microsoft Office Word versions and restrict document access to trusted sources only. Within 7 days: Implement application whitelisting for Office processes, disable macros globally via Group Policy, and establish mandatory user awareness training on suspicious documents. Within 30 days: Develop and test a patch deployment plan; monitor Microsoft's security advisories for patch availability and deploy immediately upon release.

Windows CVE-2025-32717

EUVD-2025-18063 HIGH

Heap-based Buffer Overflow (CWE-122)

2025-06-11 secure@microsoft.com

Windows RCE Buffer Overflow Microsoft 365 Apps

8.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:09 euvd

EUVD-2025-18063

Analysis Generated

Mar 14, 2026 - 21:09 vuln.today

CVE Published

Jun 11, 2025 - 00:15 nvd

HIGH 8.4

DescriptionNVD

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

AnalysisAI

A buffer overflow vulnerability in Heap-based buffer overflow in Microsoft Office Word (CVSS 8.4) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Technical ContextAI

CWE-122 (Heap-based Buffer Overflow). CVSS 8.4 indicates high severity. Affects Heap-based buffer overflow in Microsoft Office Word.

RemediationAI

Monitor vendor channels for patch availability. Consider network segmentation to limit exposure if patching is delayed.

More from same product – last 7 days

CVE-2026-10044 HIGH This Week POC

7.5 May 28

{filename} endpoint. The flawed traversal filter only rejects forward slashes and '..' sequences, leaving absolute Windo

CVE-2026-40412 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Azure Orbital Spatio allows unauthenticated network attackers to upload dangerous fil

CVE-2026-41104 CRITICAL Monitor

10.0 May 22

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft mal

CVE-2026-23652 CRITICAL Monitor

10.0 May 22

Remote code execution in Microsoft Power Pages allows unauthenticated network attackers to inject and execute operating-

CVE-2026-47280 CRITICAL Monitor

10.0 May 22

Privilege elevation in Microsoft Azure Resource Manager (ARM) allows remote unauthenticated attackers to bypass authenti

CVE-2025-32717 vulnerability details – vuln.today

Back

Windows CVE-2025-32717

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code