
CVE-2025-47173 (Windows) · EUVD-2025-17726 · HIGH
Improper Restriction of Names for Files and Other Resources (CWE-641)
Published 2025-06-10 · Assigner: secure@microsoft.com
CVSS 3.1 (NVD): 7.8

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

6 events, newest first:
Apr 16, 2026 06:40 · Analysis Updated (EUVD-patch-fix; field: executive_summary)
Apr 16, 2026 05:29 · Re-analysis Queued (backfill_euvd_patch; reason: patch_released)
Apr 16, 2026 05:29 · Patch available (EUVD): fixed versions 16.0.5504.1000, 16.98.25060824
Mar 14, 2026 19:49 · EUVD ID Assigned (euvd): EUVD-2025-17726
Mar 14, 2026 19:49 · Analysis Generated (vuln.today)
Jun 10, 2025 17:23 · CVE Published (nvd): HIGH 7.8

Description (CVE.org)

Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.

Analysis (AI)

CVE-2025-47173 is an improper input validation flaw in Microsoft Office. The NVD vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) describes the usual Office document attack: the attacker needs no account or privileges on the host beforehand (PR:N), but a user must open a crafted file (UI:R), after which code runs with that user's rights inside the Office process (S:U). "Local" attack vector here means the malicious file is processed on the victim's machine; it is normally delivered remotely, as an email attachment or download, so the vector does not imply the attacker already has a foothold. Confidentiality, integrity and availability impact are all rated High, giving a score of 7.8 (HIGH). The fixed builds recorded in the timeline, 16.0.5504.1000 and 16.98.25060824, follow the build numbering of the Office 2016/2019 (MSI) update line for Windows and of Office for Mac respectively, so both platforms appear to be in scope; this page gives no affected-version list beyond that.

Technical Context (AI)

This CVE is mapped to CWE-641, Improper Restriction of Names for Files and Other Resources: the product accepts file or resource names it should have rejected. (CWE-641 is not "Improper Restriction of Rendered UI Layers or Frames", which is CWE-1021.) The CVE.org description is broader, "improper input validation", and Microsoft has published no root-cause details on this page, so anything more specific about the faulty code path is inference. What the CVSS vector does establish: exploitation is through a file the victim opens (AV:L, UI:R), the attacker needs no prior privileges (PR:N), and the payload runs inside the Office process with the user's rights rather than crossing a trust boundary (S:U). A weakness in how Office handles names embedded in a document, such as paths to linked or external resources, would fit the CWE mapping, but the page does not confirm it. Nothing here ties the flaw to VBA macros, so macro-blocking policies should be treated as defence in depth rather than as a mitigation for this CVE.

Remediation (AI)

Immediate actions:
(1) Apply the June 2025 or later Office security updates. Microsoft 365 Apps update through their Click-to-Run channel (check the Microsoft 365 admin center or Windows Update); the fixed builds listed above are 16.0.5504.1000 (Office 2016/2019, MSI line) and 16.98.25060824 (Office for Mac). Click-to-Run channels carry their own fixed build numbers, published in Microsoft's release notes, so do not compare a Click-to-Run build against the MSI number.
(2) For MSI-based Office 2016/2019 installations, download the update package from the Microsoft Security Update Guide (msrc.microsoft.com/update-guide) and deploy it through your patch management tooling.
(3) Keep Protected View enabled. It opens files from the internet, email attachments and unsafe locations in a read-only sandbox, which reduces what a document exploit can reach but is not a complete barrier: the user can click "Enable Editing", and Protected View only triggers when the file carries the Mark of the Web, which files extracted from some archive formats or copied from network shares may lack. Verify that no policy sets the Disable*InPV values.
(4) Block macros in files from the internet and set VBA warnings to the strictest level your business allows, and tell users not to click "Enable Content". Nothing on this page ties the vulnerability to macros, so treat this as defence in depth rather than a substitute for the patch.
(5) Use email gateway controls to block, convert or detonate Office documents from external senders.
(6) Disable VBA entirely via Group Policy where it is not required.
(7) Monitor for suspicious Office process behaviour with EDR: Office applications spawning command shells, script hosts or living-off-the-land binaries, writing executables to disk, or making unexpected outbound connections.
Patch timelines should prioritise high-risk roles (executives, developers, finance) and hosts that routinely open documents from external sources.
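Steps (1), (3), (4) and (7) above can be scripted for a single Windows host. The following PowerShell is an added example written for this page, not code from vuln.today or Microsoft. It reports the installed Office build against the MSI fixed build listed in the timeline, lists any Protected View settings disabled for Word, Excel and PowerPoint, reports the macro policy, and hunts Sysmon process-creation events for Office applications spawning interpreters. Assumptions: Word is installed and its WINWORD.EXE file version is used as the patch-level proxy for MSI installs (the page does not say which files the update replaces); Click-to-Run builds are only reported, not judged, because their fixed build numbers are not on this page; Sysmon is installed with process-creation logging for the hunt; the Mac build 16.98.25060824 is out of scope.

```powershell
# Added example for this page (not vuln.today or Microsoft code). Audits one
# Windows host for CVE-2025-47173 exposure and hunts for post-exploitation
# behaviour. Run in an elevated Windows PowerShell 5.1 or PowerShell 7 session.

# Fixed build the page lists for the MSI-based Office 2016/2019 line.
$MsiFixedBuild = [version]'16.0.5504.1000'

function Get-OfficeBuilds {
    # Click-to-Run records its build in the registry.
    $cfg = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration' -ErrorAction SilentlyContinue
    if ($cfg -and $cfg.VersionToReport) {
        [pscustomobject]@{ Install = 'ClickToRun'; Build = [version]$cfg.VersionToReport }
    }
    # MSI installs keep the RTM number in Add/Remove Programs, so read the file
    # version of an updated binary. Assumption: WINWORD.EXE carries the update's
    # build; the page does not list the files the fix replaces.
    foreach ($exe in 'C:\Program Files\Microsoft Office\Office16\WINWORD.EXE',
                     'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE') {
        if (Test-Path $exe) {
            $fv = (Get-Item $exe).VersionInfo
            $build = '{0}.{1}.{2}.{3}' -f $fv.FileMajorPart, $fv.FileMinorPart, $fv.FileBuildPart, $fv.FilePrivatePart
            [pscustomobject]@{ Install = 'MSI'; Build = [version]$build }
        }
    }
}

function Test-OfficePatchLevel {
    foreach ($b in Get-OfficeBuilds) {
        if ($b.Install -eq 'MSI') {
            $status = if ($b.Build -ge $MsiFixedBuild) { 'patched' } else { "VULNERABLE (below $MsiFixedBuild)" }
        } else {
            # Click-to-Run channels use their own build numbers; compare with the
            # fixed build for the channel from Microsoft's release notes instead.
            $status = 'check against Click-to-Run release notes'
        }
        [pscustomobject]@{ Install = $b.Install; Build = $b.Build; Status = $status }
    }
}

function Test-ProtectedView {
    # Protected View is on unless a Disable*InPV value is 1. Policy keys
    # (Software\Policies) override user preferences, so inspect both.
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        foreach ($key in "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security\ProtectedView",
                         "HKCU:\Software\Microsoft\Office\16.0\$app\Security\ProtectedView") {
            $pv = Get-ItemProperty $key -ErrorAction SilentlyContinue
            foreach ($name in 'DisableInternetFilesInPV', 'DisableAttachementsInPV', 'DisableUnsafeLocationsInPV') {
                if ($pv -and $pv.$name -eq 1) {
                    [pscustomobject]@{ App = $app; Setting = $name; Key = $key; Finding = 'Protected View disabled' }
                }
            }
        }
    }
}

function Test-MacroPolicy {
    # blockcontentexecutionfrominternet=1 blocks macros in files carrying the
    # Mark of the Web; VBAWarnings=4 disables all macros without notification.
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $sec = Get-ItemProperty "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security" -ErrorAction SilentlyContinue
        $warn = if ($sec -and $null -ne $sec.VBAWarnings) { $sec.VBAWarnings } else { 'not set by policy' }
        [pscustomobject]@{
            App                 = $app
            BlockInternetMacros = [bool]($sec -and $sec.blockcontentexecutionfrominternet -eq 1)
            VBAWarnings         = $warn
        }
    }
}

function Find-OfficeChildProcesses {
    # Sysmon Event ID 1: flag Office parents spawning interpreters or LOLBins,
    # the usual first step once a document exploit has fired.
    param([datetime]$Since = (Get-Date).AddDays(-1))
    $parents  = 'winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe'
    $children = 'cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe',
                'mshta.exe', 'rundll32.exe', 'regsvr32.exe', 'certutil.exe', 'msiexec.exe'
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if (-not $data.ParentImage -or -not $data.Image) { return }   # skip malformed records
        $parent = [IO.Path]::GetFileName($data.ParentImage).ToLower()
        $child  = [IO.Path]::GetFileName($data.Image).ToLower()
        if ($parents -contains $parent -and $children -contains $child) {
            [pscustomobject]@{ Time = $_.TimeCreated; User = $data.User; Parent = $parent; Child = $child; CommandLine = $data.CommandLine }
        }
    }
}

Test-OfficePatchLevel     | Format-Table -AutoSize
Test-ProtectedView        | Format-Table -AutoSize
Test-MacroPolicy          | Format-Table -AutoSize
Find-OfficeChildProcesses | Format-Table -AutoSize -Wrap
```

Run it per host or wrap the four functions in Invoke-Command for a fleet. An empty Test-ProtectedView result means no Disable*InPV value is set, which is the desired state; any row from Find-OfficeChildProcesses deserves a look at the command line and the document the parent had open.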


CVE-2025-47173 vulnerability details – vuln.today
