CVE-2025-47176

EUVD ID: EUVD-2025-17723
Severity: HIGH (CVSS 3.1 base score 7.8)
CVE published: 2025-06-10

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 19:49 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 19:49 (euvd) - EUVD-2025-17723
CVE Published: Jun 10, 2025 17:23 (nvd) - HIGH 7.8

Description

'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.

Analysis

Local code execution vulnerability in Microsoft Office Outlook caused by improper handling of the path traversal sequence '.../...//' (CWE-35). Authorized users with local access can exploit this to execute arbitrary code with the privileges of the Outlook process, giving high confidentiality, integrity, and availability impact. The vulnerability requires local access and an existing user account but no user interaction, which makes it a significant risk on multi-user systems and wherever a local account has already been compromised.

Technical Context

This vulnerability stems from improper canonicalization of file paths in Microsoft Office Outlook. The CWE-35 classification (Path Traversal: '.../...//', a specialisation of CWE-22, Improper Limitation of a Pathname to a Restricted Directory) indicates that the application fails to properly validate or normalize path inputs containing sequences such as '.../...//', which can be used to reach files outside the intended directory. The Outlook client processes file paths during attachment handling, embedded content resolution, and local file access. A path traversal sequence that survives sanitization bypasses the directory restriction and lets an attacker name arbitrary file system locations. The likely trigger is crafted email content, calendar invites, or contact data that Outlook parses without adequate path sanitization, though the exact entry point is not stated in the available data.
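The following is an added illustration of the CWE-35 pattern and is not code from this advisory or from Outlook: a sanitizer that strips '../' in a single pass turns '.../...//' into '../', whereas canonicalising the path first and then checking containment handles the same input correctly. The attachment root and file names are constructed placeholders.

```python
import os
from typing import Optional

# Constructed root for the demonstration; the advisory does not name Outlook's
# restricted directory, so this path is an assumption.
ATTACHMENT_ROOT = "/srv/outlook-attachments"


def naive_sanitize(relative: str) -> str:
    """Weak filter: deletes every '../' in one left-to-right pass and trusts
    the result. This is what CWE-35 describes: '.../...//' loses two '../'
    substrings and the characters left behind spell '../'."""
    return relative.replace("../", "")


def naive_join(relative: str) -> str:
    """Joins the 'sanitised' name under the root without re-checking it."""
    return os.path.join(ATTACHMENT_ROOT, naive_sanitize(relative))


def escapes_root(path: str) -> bool:
    """True when the canonical form of `path` lies outside ATTACHMENT_ROOT."""
    root = os.path.realpath(ATTACHMENT_ROOT)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def safe_join(relative: str) -> Optional[str]:
    """Hardened version: canonicalise first (realpath collapses '..' and
    follows symlinks), then test containment. Returns None on escape.
    Note that '.../...//' is harmless here: '...' is just an odd directory
    name, so the result stays under the root."""
    root = os.path.realpath(ATTACHMENT_ROOT)
    target = os.path.realpath(os.path.join(root, relative))
    if os.path.commonpath([root, target]) != root:
        return None
    return target


if __name__ == "__main__":
    crafted = ".../...//secrets.txt"  # constructed hostile file name
    print("naive filter leaves:", naive_sanitize(crafted))
    print("naive join escapes root:", escapes_root(naive_join(crafted)))
    print("safe_join(crafted):", safe_join(crafted))
    print("safe_join('../../etc/passwd'):", safe_join("../../etc/passwd"))
```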

Affected Products

Microsoft Office Outlook - specific versions not enumerated in provided data. Based on CVE date (2025) and Outlook's broad user base, likely affects: Outlook 2019, Outlook 2021, Microsoft 365 Outlook client (all recent versions), and potentially Outlook on the Web if backend processing is vulnerable. Typical CPE would include variations of 'cpe:2.3:a:microsoft:outlook:*'. Organizations should check Microsoft Security Update Guide for specific version mappings. Desktop Outlook versions for Windows are highest priority given local attack vector.

Remediation

1. Apply the Microsoft security patch when released (monitor the Microsoft Security Update Guide and MSRC advisories).
2. Immediate workaround: restrict local system access to Outlook processes; disable Outlook add-ins from untrusted sources.
3. On multi-user systems, enforce the principle of least privilege to reduce the number of accounts capable of triggering the vulnerability.
4. Monitor for exploitation attempts targeting path traversal sequences in Outlook logs.
5. Consider disabling the Outlook preview pane if email sources are untrusted, as attachment rendering may trigger the parsing.
6. Update to the latest Office version once a patched version is confirmed available.

Priority Score

39 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.5
CVSS: +39
POC: 0

CVE-2025-47176 vulnerability details – vuln.today