CVE-2025-47162

| EUVD-2025-17768 HIGH
2025-06-10 [email protected]
8.4
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17768
CVE Published
Jun 10, 2025 - 17:23 nvd
HIGH 8.4

Tags

Microsoft Buffer Overflow RCE Windows Office Long Term Servicing Channel Office 365 Apps

Description

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Analysis

Heap-based buffer overflow vulnerability in Microsoft Office that allows unauthenticated local attackers to execute arbitrary code with high privileges. The vulnerability affects Microsoft Office products across multiple versions and requires no user interaction or special privileges to exploit. With a CVSS score of 8.4 and local attack vector, this represents a severe local privilege escalation and code execution risk; exploitation status and real-world activity should be verified against KEV catalogs and EPSS scoring.

Technical Context

This vulnerability is a CWE-122 (Heap-based Buffer Overflow), a classic memory corruption flaw where untrusted input writes beyond allocated heap memory boundaries. In Microsoft Office, the overflow likely occurs during parsing of malformed document files (e.g., .docx, .xlsx, .pptx formats) or embedded objects within Office documents. The heap corruption allows an attacker to overwrite adjacent memory structures and corrupt heap metadata, potentially enabling code execution through heap spray techniques or Return-Oriented Programming (ROP) chains. Microsoft Office processes documents in multiple libraries and parsers (including legacy COM-based handlers and modern OOXML processing), making buffer boundaries in parsing routines a critical attack surface. The local attack vector (AV:L) indicates the attacker must have local access to the system or the ability to plant a malicious Office document that a local user opens.

Affected Products

Microsoft Office suite (specific versions require vendor advisory verification): Likely affects Microsoft Word, Excel, PowerPoint, and Access across versions 2016, 2019, Office 365, and Office 2021. Affected CPE would be variants of: cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:* and cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:* (and other Office applications). The vulnerability is triggered during document processing, so all Office applications that parse document formats are in scope. Consult Microsoft Security Advisory for exact version ranges and build numbers. Windows operating systems (cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*) are the affected platform.

Remediation

Remediation strategy: (1) Apply Microsoft security patches immediately upon release—monitor Microsoft Security Update Guide and MSRC (Microsoft Security Response Center) for KB articles and patch bundles addressing CVE-2025-47162; (2) Prioritize patching for endpoints where Office is installed and files are frequently opened from untrusted sources; (3) Interim mitigations pending patch deployment: Disable or restrict Office macro execution and block opening of Office documents from untrusted sources via email and file-sharing policies; (4) For Office 365 / Microsoft 365 subscribers, enable automatic updates; (5) Consider disabling Office COM object instantiation if not needed; (6) Use Application Guard for Microsoft Office if available on target OS. Obtain patch KB numbers and specific version updates from Microsoft Security Advisory or MSRC portal once published.

Priority Score

42
Low Medium High Critical
KEV: 0
EPSS: +0.3
CVSS: +42
POC: 0

Share

CVE-2025-47162 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy