Skip to main content

Windows CVE-2025-47168

| EUVDEUVD-2025-17731 HIGH
Use After Free (CWE-416)
2025-06-10 secure@microsoft.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:40 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
16.98.25060824,16.0.5504.1000,16.0.10417.20018
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17731
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 17:23 nvd
HIGH 7.8

DescriptionCVE.org

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

AnalysisAI

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.

Technical ContextAI

The vulnerability stems from a use-after-free condition (CWE-416) in Microsoft Office Word's document parsing or rendering engine. Use-after-free occurs when code attempts to access memory that has been freed/deallocated, allowing attackers to control that freed memory region and redirect execution flow. This is a classic memory corruption vulnerability in the Office document handler—likely triggered during processing of specially crafted .doc, .docx, or related Word formats. The attack surface is the document import/parsing subsystem, which processes untrusted user-supplied documents. Given Word's C/C++ implementation and complex document format handling, heap-based use-after-free in object lifecycle management is a plausible root cause. CPE identifier would be cpe:2.3:a:microsoft:office:*:*:*:*:*:windows:*:* with version constraints from Microsoft's advisory.

RemediationAI

  1. IMMEDIATE: Deploy Microsoft security patch for Office/Word as released by Microsoft Security Response Center (MSRC). Subscribe to Microsoft Security Updates (portal.msrc.microsoft.com) for CVE-2025-47168 details and KB article references. 2. PATCH VERSIONS: Apply latest cumulative/security update for Word 2019 (KB reference pending), Word 2021 (KB pending), and Microsoft 365 monthly/semi-annual channels (automatic or manual via Settings > Update Options). 3. INTERIM MITIGATIONS (if patching delayed): Disable opening Word documents from untrusted sources; use Word in Protected View (enforced via Group Policy: DisableInternetFilesInPV); disable macros and external content. 4. WORKAROUND: Convert critical documents to PDF or use Office Online (web-based, separate codebase) instead of desktop Word. 5. DETECTION: Monitor for Office crashes (WER events), unusual WINWORD.EXE memory patterns, or execution of unexpected child processes post-Word opening. Consult Microsoft's official advisory for exact patch KB numbers and rollout dates.
CVE-2021-40444 HIGH POC
8.8 Sep 15

Windows MSHTML component contains a remote code execution vulnerability that allows attackers to craft malicious ActiveX

CVE-2021-1732 HIGH POC
7.8 Feb 25

Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by

CVE-2018-8174 HIGH POC
7.5 May 09

The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system co

CVE-2019-0803 HIGH POC
7.8 Apr 09

Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation exploited in the wild in

CVE-2020-1472 MEDIUM POC
5.5 Aug 17

A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation pr

CVE-2024-30088 HIGH POC
7.0 Jun 11

Windows Kernel contains a TOCTOU race condition vulnerability allowing local privilege escalation, exploited by the OilR

CVE-2025-33053 HIGH POC
8.8 Jun 10

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables

CVE-2025-33073 HIGH POC
8.8 Jun 10

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker

CVE-2025-13315 CRITICAL POC
9.3 Nov 19

Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API b

CVE-2013-10047 CRITICAL POC
9.3 Aug 01

An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote

CVE-2012-10030 CRITICAL POC
9.3 Aug 05

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit

CVE-2025-34101 CRITICAL POC
9.3 Jul 10

Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/actio

Share

CVE-2025-47168 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy