CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Analysis (AI)
Local code execution vulnerability in Microsoft Office Outlook caused by improper neutralization of the '.../...//' path traversal sequence (CWE-35). An authorized user with local access can exploit it to execute arbitrary code with the privileges of the Outlook process, with high confidentiality, integrity, and availability impact. Exploitation requires local access and an existing low-privilege account but, per the NVD vector, no user interaction, which makes it a notable risk on multi-user systems or wherever a local account is already compromised.
Technical Context (AI)
The vulnerability stems from improper canonicalization of file paths in Microsoft Office Outlook. CWE-35 ("Path Traversal: '.../...//'") is a specific variant of the path traversal family whose parent is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The '.../...//' sequence defeats filters that remove '../' in a single, non-recursive pass: deleting each '../' occurrence from '.../...//' leaves exactly '../' behind, so a path that passed the filter still walks out of the intended directory when it is resolved. Outlook handles file paths while processing attachments, resolving embedded content, and accessing local files; the public description does not say which of these code paths is affected, so the exact trigger (crafted email content, calendar invite, or contact data that Outlook parses) remains an inference. Given the CVSS vector (AV:L, PR:L), the attacker is a local, already-authenticated user rather than a remote sender.
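To make the filter-bypass concrete, the following is an added example (not code from vuln.today, NVD, or Microsoft, and not derived from Outlook's implementation) that contrasts a single-pass '../' stripper with a canonicalize-then-contain check. The base directory and file names are constructed for the demonstration; the hardened function uses posixpath so the result is the same on any platform.

```python
import posixpath
from typing import Optional

# Constructed base directory for the demonstration (hypothetical; not a
# real Outlook path).
BASE_DIR = "/srv/attachments/inbox"


def naive_strip_dotdot(path: str) -> str:
    """Vulnerable filter: removes '../' in a single, non-recursive pass.

    This is the kind of check CWE-35 targets. Each '../' is deleted once;
    the characters left behind can themselves form a new '../'.
    For '.../...//' the two deletions leave '.' + '.' + '/' == '../'.
    """
    return path.replace("../", "")


def vulnerable_resolve(base_dir: str, untrusted: str) -> str:
    """Resolve an attacker-controlled name after the naive filter.

    Backslashes are folded to '/' (Windows accepts both), the filtered
    name is joined onto base_dir and normalized, and no containment check
    is performed, so a filter bypass lands outside base_dir.
    """
    cleaned = naive_strip_dotdot(untrusted.replace("\\", "/"))
    return posixpath.normpath(posixpath.join(base_dir, cleaned))


def safe_resolve(base_dir: str, untrusted: str) -> Optional[str]:
    """Hardened version: canonicalize first, then enforce containment.

    Nothing is stripped. Both separators are treated as separators, the
    joined path is normalized (which resolves '.' and '..' components and
    makes an absolute input override base_dir), and the result must be
    base_dir itself or a descendant of it. Returns None when the path
    escapes. A literal component named '...' is just a directory name.
    """
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(
        posixpath.join(base, untrusted.replace("\\", "/"))
    )
    # The trailing '/' prevents a sibling such as 'inbox2' from matching.
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


if __name__ == "__main__":
    for name in ("../secret.txt", ".../...//secret.txt", "..\\..\\etc\\passwd"):
        print(f"{name!r:28} naive -> {vulnerable_resolve(BASE_DIR, name)}")
        print(f"{'':28} safe  -> {safe_resolve(BASE_DIR, name)}")
```

Note that `safe_resolve` accepts `'.../...//secret.txt'` and maps it inside the base directory: once paths are normalized before the check, the sequence is not a traversal at all, only a directory literally named `...`, which is why the correct fix is to stop stripping and start checking. Code that touches a real filesystem should canonicalize with `os.path.realpath` so symbolic links are resolved before the containment test.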
Remediation (AI)
1. Apply the Microsoft security update once it is available (monitor the Microsoft Security Update Guide and MSRC advisories for this issue).
2. Interim workaround: disable Outlook add-ins from untrusted sources and limit which local accounts can run Outlook on shared hosts.
3. On multi-user systems, enforce least privilege so that fewer accounts can trigger the vulnerability and any resulting code execution runs with limited rights.
4. Watch endpoint telemetry (process creation and file writes by outlook.exe, script-engine launches from Outlook) for unexpected behaviour; Outlook itself does not log path-handling decisions, so this visibility has to come from EDR or Sysmon rather than from Outlook logs.
5. Disable the Outlook preview pane for untrusted mail sources, since rendering may trigger the affected parsing.
6. Update to the latest Office build once a fixed version is confirmed.
EUVD identifier: EUVD-2025-17723