Skip to main content

Microsoft Office CVE-2025-59227

HIGH
Use After Free (CWE-416)
2025-10-14 secure@microsoft.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 22, 2026 - 16:30 vuln.today

DescriptionCVE.org

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

AnalysisAI

Local code execution in Microsoft Office (including Microsoft 365 Apps Enterprise, Office 2016/2019, and Office LTSC 2021 across Windows x86/x64, macOS, and Android) arises from a use-after-free memory corruption (CWE-416) that an attacker can trigger by convincing a user to open a crafted document. Exploitation runs in the context of the current user with high impact on confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Technical ContextAI

The flaw is a CWE-416 use-after-free in the Microsoft Office suite - a class of memory corruption where code continues to reference heap memory after it has been freed, enabling an attacker to reclaim that allocation with controlled data and hijack execution flow when the dangling pointer is dereferenced. Office's document parsers (Word, Excel, PowerPoint, and shared rich-text/OLE components) historically reuse complex object models for parsing structured file formats, and lifetime bugs in those object graphs are a recurring source of UAF conditions. The CPE list shows the defect spans the entire current Office estate: Microsoft 365 Apps (Enterprise x86/x64), perpetual Office 2016 and 2019, and Office LTSC 2021 on Windows x86/x64 and macOS, plus Office on Android, indicating the vulnerable component is shared across platforms rather than being OS-specific.

RemediationAI

Apply the Microsoft security update referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59227 for each affected channel - Microsoft 365 Apps via Click-to-Run servicing, Office 2016/2019/LTSC 2021 via Microsoft Update or the corresponding MSP/MSI packages, and the Android build via the Play Store - using the exact fixed build listed in that advisory (specific fixed versions are not included in the input data, so consult MSRC for the exact KB/build per SKU). Until the patch is deployed, compensating controls include enabling Protected View and Office Application Guard for files originating from the internet or email so untrusted documents are parsed in a sandboxed container, blocking or quarantining Office attachments at the mail gateway from external senders, and enabling Microsoft Defender Attack Surface Reduction rules that block Office from creating child processes and from executing downloaded executable content - these reduce post-exploitation impact but do not address the underlying parser bug and can break legitimate macros, add-ins, or workflows that rely on child-process spawning.

CVE-2026-21509 HIGH
7.8 Jan 26

Microsoft Office contains a security feature bypass (CVE-2026-21509, CVSS 7.8) where reliance on untrusted inputs in sec

CVE-2026-21514 HIGH
7.8 Feb 10

Microsoft Office Word contains a security decision bypass (CVE-2026-21514, CVSS 7.8) through reliance on untrusted input

CVE-2024-21413 CRITICAL POC
9.8 Feb 13

Microsoft Outlook Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotel

CVE-2025-47957 HIGH POC
8.4 Jun 10

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary

CVE-2022-41106 HIGH
8.8 Nov 09

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely expl

CVE-2023-33148 HIGH POC
7.8 Jul 11

Microsoft Office Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack

CVE-2025-27751 HIGH POC
7.8 Apr 08

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (C

CVE-2025-47165 HIGH POC
7.8 Jun 10

Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). A

CVE-2025-47175 HIGH POC
7.8 Jun 10

Use-after-free vulnerability in Microsoft Office PowerPoint that allows an unauthenticated local attacker to execute arb

CVE-2023-36041 HIGH POC
7.8 Nov 14

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentica

CVE-2023-28311 HIGH POC
7.8 Apr 11

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authenticat

CVE-2023-28285 HIGH POC
7.8 Apr 11

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentic

Share

CVE-2025-59227 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy