Windows CVE-2025-47168 | EUVD-2025-17731
Severity: HIGH
Weakness: Use After Free (CWE-416)
2025-06-10 secure@microsoft.com
CVSS 3.1: 7.8

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (6 events)

Analysis Updated: Apr 16, 2026 - 06:40 (EUVD-patch-fix): executive_summary
Re-analysis Queued: Apr 16, 2026 - 05:29 (backfill_euvd_patch): patch_released
Patch available: Apr 16, 2026 - 05:29 (EUVD): 16.98.25060824, 16.0.5504.1000, 16.0.10417.20018
EUVD ID Assigned: Mar 14, 2026 - 19:49 (euvd): EUVD-2025-17731
Analysis Generated: Mar 14, 2026 - 19:49 (vuln.today)
CVE Published: Jun 10, 2025 - 17:23 (nvd): HIGH 7.8

Description (NVD)

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Analysis (AI)

This is a high-severity (CVSS 7.8) use-after-free vulnerability in Microsoft Office Word that allows a local, unauthenticated attacker to execute arbitrary code. Exploitation requires user interaction (opening a malicious document) but grants complete system compromise through code execution. It is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if a public PoC becomes available.

Technical Context (AI)

The vulnerability stems from a use-after-free condition (CWE-416) in Microsoft Office Word's document parsing or rendering engine. Use-after-free occurs when code attempts to access memory that has been freed/deallocated, allowing attackers to control that freed memory region and redirect execution flow. This is a classic memory corruption vulnerability in the Office document handler—likely triggered during processing of specially crafted .doc, .docx, or related Word formats. The attack surface is the document import/parsing subsystem, which processes untrusted user-supplied documents. Given Word's C/C++ implementation and complex document format handling, heap-based use-after-free in object lifecycle management is a plausible root cause. CPE identifier would be cpe:2.3:a:microsoft:office:*:*:*:*:*:windows:*:* with version constraints from Microsoft's advisory.

Remediation (AI)

  1. IMMEDIATE: Deploy Microsoft security patch for Office/Word as released by Microsoft Security Response Center (MSRC). Subscribe to Microsoft Security Updates (portal.msrc.microsoft.com) for CVE-2025-47168 details and KB article references.
  2. PATCH VERSIONS: Apply latest cumulative/security update for Word 2019 (KB reference pending), Word 2021 (KB pending), and Microsoft 365 monthly/semi-annual channels (automatic or manual via Settings > Update Options).
  3. INTERIM MITIGATIONS (if patching delayed): Disable opening Word documents from untrusted sources; use Word in Protected View (enforced via Group Policy: DisableInternetFilesInPV); disable macros and external content.
  4. WORKAROUND: Convert critical documents to PDF or use Office Online (web-based, separate codebase) instead of desktop Word.
  5. DETECTION: Monitor for Office crashes (WER events), unusual WINWORD.EXE memory patterns, or execution of unexpected child processes post-Word opening.

Consult Microsoft's official advisory for exact patch KB numbers and rollout dates.
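One way to apply the detection step above to process-creation telemetry, as an added example that is not part of the original page or of any Microsoft tooling. It assumes events exported as JSON lines with the Sysmon Event ID 1 field names; the allowlist of expected Word child processes and all sample events are constructed and need tuning per environment.

```python
import json
from pathlib import PureWindowsPath

# Assumption: child processes Word legitimately starts in this fleet; tune locally.
EXPECTED_CHILDREN = {"splwow64.exe"}
CRASH_REPORTER = "werfault.exe"  # Windows Error Reporting handler

# Constructed sample: process-creation events as JSON lines, using the
# Sysmon Event ID 1 field names UtcTime, ParentImage, Image, CommandLine.
SAMPLE_EVENTS = r"""
{"UtcTime": "2025-06-12 09:14:02", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "WINWORD.EXE /n report.docx"}
{"UtcTime": "2025-06-12 09:14:30", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "Image": "C:\\Windows\\splwow64.exe", "CommandLine": "splwow64.exe 8192"}
{"UtcTime": "2025-06-12 09:15:40", "ParentImage": "c:\\program files\\microsoft office\\root\\office16\\winword.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe"}
{"UtcTime": "2025-06-12 09:15:41", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "Image": "C:\\Windows\\System32\\WerFault.exe", "CommandLine": "WerFault.exe -u -p 4312 -s 1820"}
"""


def exe_name(path):
    """Lower-cased executable name from a Windows path."""
    return PureWindowsPath(path).name.lower()


def triage(lines):
    """Return (signal, time, child, command line) for events whose parent is Word."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        # Only processes started by WINWORD.EXE are of interest here.
        if exe_name(event.get("ParentImage", "")) != "winword.exe":
            continue
        child = exe_name(event.get("Image", ""))
        if child == CRASH_REPORTER:
            signal = "word_crash"        # WER handler started for a Word fault
        elif child not in EXPECTED_CHILDREN:
            signal = "unexpected_child"  # anything outside the allowlist
        else:
            continue
        findings.append((signal, event.get("UtcTime"), child, event.get("CommandLine")))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS.splitlines()):
        print(*finding, sep=" | ")
```

A crash finding followed closely by an unexpected child from the same host is worth correlating with the document that was open at the time.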
