Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
AnalysisAI
Use-after-free (UAF) vulnerability in Microsoft Office that allows unauthenticated local attackers to execute arbitrary code with no user interaction required. The vulnerability affects multiple Microsoft Office versions and has a CVSS score of 8.4 (High), indicating severe risk with high impact to confidentiality, integrity, and availability. Without publicly disclosed EPSS data or KEV confirmation provided, the actual exploitation likelihood in the wild remains unconfirmed, though the local attack vector and lack of privilege/interaction requirements suggest moderate real-world exploitability once weaponized.
Technical ContextAI
This vulnerability is a use-after-free (CWE-416) flaw in Microsoft Office—a memory safety issue where the application references memory that has already been freed. CWE-416 vulnerabilities occur when a program continues to use a pointer after the memory object it referenced has been deallocated, potentially allowing attackers to control the freed memory region and achieve code execution. In the Microsoft Office context, this likely occurs during document parsing, object lifecycle management, or COM component handling. The vulnerability requires local access (AV:L) to trigger, suggesting it may be exploitable through malicious Office documents opened locally or via local file system interaction. The complexity is low (AC:L), indicating the flaw does not require special conditions, race conditions, or user-specific configurations to trigger reliably.
RemediationAI
- Immediate patching: Install the latest Microsoft Office security updates from Microsoft Security Update Guide (msrc.microsoft.com/update-guide) immediately upon availability. 2. Temporary mitigation: Restrict Office document opening from untrusted sources; disable Office macros (if applicable to UAF trigger); implement application whitelisting to limit Office.exe execution contexts. 3. Workarounds: Until patches are deployed, consider: disabling Office preview features in File > Options > Trust Center; using Office in sandboxed/containerized environments; restricting local file access permissions for Office processes. 4. Monitoring: Enable logging for Office process execution and memory corruption events (Windows Event Viewer, SIEM integration). 5. Defense-in-depth: Implement endpoint detection and response (EDR) solutions to detect unusual Office behavior, memory-corruption exploitation techniques, and post-exploitation activities.
Same weakness CWE-416 – Use After Free
View allSame technique Use After Free
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17735