Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
AnalysisAI
CVE-2025-47968 is an improper input validation vulnerability in Microsoft AutoUpdate (MAU) that allows a locally authenticated attacker to achieve privilege escalation on affected systems. The vulnerability has a CVSS score of 7.8 (High), indicating significant impact with confidentiality, integrity, and availability compromise. Active exploitation status and proof-of-concept availability cannot be confirmed from provided data, but the local attack vector with low complexity and low privilege requirement suggests elevated real-world risk for multi-user or shared systems.
Technical ContextAI
Microsoft AutoUpdate (MAU) is the automatic update mechanism for Microsoft Office on macOS and Windows platforms. The vulnerability stems from CWE-20 (Improper Input Validation), a root cause where MAU fails to adequately sanitize or validate user-supplied input before processing it in a privileged context. This likely occurs in update manifest parsing, configuration file handling, or update package verification routines. The lack of input validation allows an authenticated local user to craft malicious input that bypasses security checks, leading to code execution with elevated privileges. The vulnerability affects MAU versions used across Microsoft Office suites (Word, Excel, PowerPoint, Outlook, etc.) on macOS and potentially Windows platforms.
RemediationAI
Immediate remediation steps: (1) Apply security updates from Microsoft for AutoUpdate when released - monitor Microsoft Security Update Guide (portal.msrc.microsoft.com) for CVE-2025-47968 patches; (2) If patch unavailable, restrict local system access to trusted users only, implement principle of least privilege; (3) Disable AutoUpdate temporarily if available through Group Policy (Windows) or preferences (macOS) and manage updates manually until patches available; (4) Monitor Office 365 for automatic cloud-based remediation if applicable; (5) For macOS, ensure updated version through System Preferences > Microsoft AutoUpdate; (6) Verify installation from trusted sources only. Workarounds include restricting file system write permissions to MAU configuration directories and disabling local privilege elevation where possible through organizational policy.
More in Autoupdate
View allIncorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is l
An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly valida
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).
Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attack
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is l
Same weakness CWE-20 – Improper Input Validation
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17718