Microsoft Office Vulnerabilities Allow Remote Code Execution by Attackers

Microsoft disclosed four critical remote code execution (RCE) vulnerabilities in its Office suite on June 10, 2025, posing significant risks to organizations and individuals relying on the ubiquitous productivity software.

The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-47164, and CVE-2025-47167, all carry a CVSS v3.1 base score of 8.4 and temporal score of 7.3, reflecting their potential for widespread exploitation.

While none have been actively exploited or publicly disclosed, Microsoft’s exploitability assessments indicate three vulnerabilities are “Exploitation More Likely,” raising urgency for patching.

The weaknesses span memory corruption and input validation failures, enabling attackers to hijack systems through malicious documents or local access.

The most severe vulnerability, CVE-2025-47162, stems from a heap-based buffer overflow (CWE-122) in Office’s document parsing logic.

Attackers could craft files that trigger uncontrolled memory writes, potentially bypassing security mitigations like Address Space Layout Randomization (ASLR).

Meanwhile, CVE-2025-47164 and CVE-2025-47167 exploit use-after-free (CWE-416) and type confusion (CWE-843) weaknesses, respectively.

These memory safety violations occur when Office fails to properly manage object lifetimes or validate data types, allowing arbitrary code execution by reallocating or misinterpreting memory chunks.

Notably, CVE-2025-47953 deviates from memory corruption vectors, instead involving improper restriction of filenames (CWE-641).

This flaw enables malicious actors to bypass Office’s file validation checks by using specially crafted filenames, leading to unintended resource access or code execution.

All vulnerabilities require local access (CVSS Attack Vector: AV:L) but grant full system control, as successful exploits compromise confidentiality, integrity, and availability (CVSS Impact Metrics: C:H/I:H/A:H).

Microsoft attributes these vulnerabilities to insufficient bounds checks, memory management errors, and validation oversights during document processing.

The convergence of multiple critical RCE vectors in a single software suite amplifies risks, particularly for enterprises handling untrusted files.

Microsoft Office Vulnerabilities

Microsoft has released security updates addressing all four vulnerabilities as part of its June 2025 Patch Tuesday cycle.

Organizations are urged to prioritize applying KB5000001 (for Office 2019) and KB5000002 (for Microsoft 365 Apps) immediately.

For systems unable to patch immediately, Microsoft recommends disabling Office’s “Enable all macros without notification” setting, implementing Application Guard for Office, and blocking suspicious file types at email gateways.

While the absence of active exploitation provides a mitigation window, the high exploitability likelihood for three vulnerabilities demands rapid action.

Security teams should monitor for anomalous document processing activity and educate users on avoiding untrusted file downloads.

Microsoft’s advisory underscores that these vulnerabilities bypass traditional signature-based detection, necessitating behavior-based threat hunting and memory-safe coding practices for long-term resilience.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.

Mayura
Mayura
Mayura Kathir is a cybersecurity reporter at GBHackers News, covering daily incidents including data breaches, malware attacks, cybercrime, vulnerabilities, zero-day exploits, and more.

Recent Articles

Related Stories

LEAVE A REPLY

Please enter your comment!
Please enter your name here