Cyber Web Spider Blog – News


Microsoft Office Vulnerabilities Let Attackers Execute Remote Code

Posted on June 11, 2025 By CWS

Multiple critical vulnerabilities in Microsoft Office could allow attackers to execute arbitrary code on affected systems.

The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-47164, and CVE-2025-47167, all carry a CVSS score of 8.4 out of 10 and affect numerous Office versions across Windows, Mac, and Android platforms.

Security researcher 0x140ce discovered these flaws, which exploit fundamental memory management weaknesses including heap-based buffer overflow, use-after-free conditions, and type confusion errors.

CVE-2025-47162 (CWE-122) originates from improper bounds checking during memory allocation in Office's file parsing routines.

Attackers can craft malicious documents containing oversized data payloads, triggering a heap-based buffer overflow when processed.

By overwriting adjacent memory regions, attackers gain control over the instruction pointer, enabling arbitrary code execution with the same privileges as the logged-in user.

The CVSS vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H highlights the local attack vector (AV:L) and low attack complexity (AC:L), requiring no user interaction (UI:N). Despite the "remote" designation in the title, exploitation occurs locally after the malicious file is downloaded or previewed.

Simply viewing a weaponized document in the Preview Pane triggers the overflow without user interaction. Malicious macros could automate exploitation upon document opening.

CVE-2025-47953: Use-After-Free via Improper Resource Name Validation

This vulnerability (CWE-641) arises from flawed validation of file and resource names, leading to a use-after-free condition.

When Office attempts to access a memory region after prematurely freeing it, attackers can inject malicious code into the dangling pointer's location. The flaw scores 8.4 on the CVSS scale, mirroring the severity of CVE-2025-47162.

Specially crafted filenames trigger improper resource deallocation. Microsoft rates this as "Exploitation Less Likely" due to the precision required to manipulate memory layouts.

The flaw affects Windows, macOS (Office LTSC 2021/2024), and Android versions, necessitating uniform patching.

CVE-2025-47164: Classic Use-After-Free in Memory Management

Classified under CWE-416, this vulnerability stems from Office failing to invalidate pointers after freeing memory.

Attackers exploit this by reallocating freed memory with malicious data, leading to code execution.

The CVSS exploitability assessment labels this "Exploitation More Likely" due to predictable memory reuse patterns.

All Office editions since 2016 are vulnerable, emphasizing the need for comprehensive patching.

CVE-2025-47167: Type Confusion in Object Handling

This vulnerability (CWE-843) occurs when Office incorrectly handles object types, mistreating a resource as an incompatible type.

Attackers craft documents containing malformed objects, causing type confusion that corrupts memory and enables code execution.

The CVSS metrics mirror the other flaws, with high scores across confidentiality, integrity, and availability. Exploitation methods include embedding contradictory type metadata in documents.

Security Updates Released Across All Platforms

Microsoft released security updates on June 10, 2025, covering all major Office versions, including Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, Microsoft 365 Apps for Enterprise, and Office for Android.

The updates are delivered through various mechanisms, including Click-to-Run deployment for enterprise versions and traditional security update packages for standalone installations.

Notably, Microsoft 365 cloud-based updates were not immediately available, with the company stating that updates "will be released as soon as possible," and customers will receive notifications through CVE information revisions.

The affected versions span both 32-bit and 64-bit editions, with specific update packages identified by build numbers such as 16.0.5504.1000 for Office 2016 and 16.98.25060824 for Mac versions.

Organizations should prioritize applying these patches immediately, given the critical severity rating and high exploitability assessment.
