
365 Apps CVE-2025-47170

EUVD-2025-17729 | HIGH
Use After Free (CWE-416)
2025-06-10 | secure@microsoft.com
CVSS 3.1: 7.8

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (6 events)

Analysis Updated: Apr 16, 2026 - 06:40 (EUVD-patch-fix): executive_summary
Re-analysis Queued: Apr 16, 2026 - 05:29 (backfill_euvd_patch): patch_released
Patch available: Apr 16, 2026 - 05:29 (EUVD): 16.98.25060824
EUVD ID Assigned: Mar 14, 2026 - 19:49 (euvd): EUVD-2025-17729
Analysis Generated: Mar 14, 2026 - 19:49 (vuln.today)
CVE Published: Jun 10, 2025 - 17:23 (nvd): HIGH 7.8

Description (NVD)

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Analysis (AI)

This is a use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code, with high impact on confidentiality, integrity, and availability. Exploitation requires user interaction (e.g., opening a malicious document) but has low attack complexity, making it a significant local code execution threat. No confirmed KEV status or EPSS data is provided; the CVSS score of 7.8 indicates high severity, though real-world exploitability depends on whether public exploits or proofs-of-concept have emerged.

Technical Context (AI)

This vulnerability is rooted in CWE-416 (Use After Free), a memory safety defect in which Microsoft Word's document processing engine references memory that has already been freed. The defect likely occurs in Word's XML/document object model parsing or rendering subsystem when handling specially crafted Office Open XML (.docx) files. The use-after-free condition could corrupt the heap, overwrite function pointers, or leak sensitive memory, enabling code execution through classic heap exploitation techniques. The affected CPE would be Microsoft Office Word across multiple versions (likely Microsoft Word 2016, 2019, and Office 365 perpetual/subscription variants), though specific version ranges are not provided in the source data.


CVE-2025-47170 vulnerability details – vuln.today
