Skip to main content

Microsoft EUVDEUVD-2025-17735

| CVE-2025-47164 HIGH
Use After Free (CWE-416)
2025-06-10 secure@microsoft.com
8.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:41 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
16.0.5504.1000,16.98.25060824,16.0.18925.20000
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17735
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 17:23 nvd
HIGH 8.4

DescriptionCVE.org

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

AnalysisAI

Use-after-free (UAF) vulnerability in Microsoft Office that allows unauthenticated local attackers to execute arbitrary code with no user interaction required. The vulnerability affects multiple Microsoft Office versions and has a CVSS score of 8.4 (High), indicating severe risk with high impact to confidentiality, integrity, and availability. Without publicly disclosed EPSS data or KEV confirmation provided, the actual exploitation likelihood in the wild remains unconfirmed, though the local attack vector and lack of privilege/interaction requirements suggest moderate real-world exploitability once weaponized.

Technical ContextAI

This vulnerability is a use-after-free (CWE-416) flaw in Microsoft Office—a memory safety issue where the application references memory that has already been freed. CWE-416 vulnerabilities occur when a program continues to use a pointer after the memory object it referenced has been deallocated, potentially allowing attackers to control the freed memory region and achieve code execution. In the Microsoft Office context, this likely occurs during document parsing, object lifecycle management, or COM component handling. The vulnerability requires local access (AV:L) to trigger, suggesting it may be exploitable through malicious Office documents opened locally or via local file system interaction. The complexity is low (AC:L), indicating the flaw does not require special conditions, race conditions, or user-specific configurations to trigger reliably.

RemediationAI

  1. Immediate patching: Install the latest Microsoft Office security updates from Microsoft Security Update Guide (msrc.microsoft.com/update-guide) immediately upon availability. 2. Temporary mitigation: Restrict Office document opening from untrusted sources; disable Office macros (if applicable to UAF trigger); implement application whitelisting to limit Office.exe execution contexts. 3. Workarounds: Until patches are deployed, consider: disabling Office preview features in File > Options > Trust Center; using Office in sandboxed/containerized environments; restricting local file access permissions for Office processes. 4. Monitoring: Enable logging for Office process execution and memory corruption events (Windows Event Viewer, SIEM integration). 5. Defense-in-depth: Implement endpoint detection and response (EDR) solutions to detect unusual Office behavior, memory-corruption exploitation techniques, and post-exploitation activities.

Share

EUVD-2025-17735 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy