Skip to main content

CVE-2025-47164: CWE-416: Use After Free in Microsoft Microsoft Office 2019

High
VulnerabilityCVE-2025-47164cvecve-2025-47164cwe-416
Published: Tue Jun 10 2025 (06/10/2025, 17:02:37 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Microsoft Office 2019

Description

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

AI-Powered Analysis

AILast updated: 07/10/2025, 21:47:49 UTC

Technical Analysis

CVE-2025-47164 is a high-severity use-after-free vulnerability identified in Microsoft Office 2019, specifically version 19.0.0. The vulnerability is categorized under CWE-416, which involves improper handling of memory after it has been freed, leading to potential exploitation. In this case, the flaw allows an unauthorized attacker to execute arbitrary code locally on the affected system without requiring any user interaction or prior authentication. The vulnerability arises because Microsoft Office 2019 improperly manages memory, freeing it prematurely and then using the freed memory, which can be manipulated by an attacker to control the program's execution flow. The CVSS v3.1 base score of 8.4 reflects a high severity, with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits are currently reported in the wild, the nature of the vulnerability means that once an exploit is developed, it could lead to full system compromise. The vulnerability affects Microsoft Office 2019, a widely used productivity suite in enterprise and government environments, making it a significant risk for organizations relying on this software version. The lack of available patches at the time of publication increases the urgency for organizations to monitor for updates and apply mitigations.

Potential Impact

For European organizations, this vulnerability poses a substantial risk due to the widespread use of Microsoft Office 2019 across various sectors including government, finance, healthcare, and critical infrastructure. Successful exploitation could lead to unauthorized code execution, allowing attackers to gain control over affected systems, steal sensitive data, disrupt operations, or deploy ransomware. The local attack vector means that attackers need some form of access to the target machine, which could be achieved through phishing, malicious insider actions, or compromised endpoints. Given the high impact on confidentiality, integrity, and availability, organizations could face data breaches, operational downtime, and reputational damage. The absence of required user interaction increases the threat level as exploitation can occur silently once local access is obtained. This vulnerability is particularly concerning for organizations with less mature endpoint security or those that have not yet updated their Office installations. Additionally, the potential for lateral movement within networks after initial compromise could amplify the impact across European enterprises.

Mitigation Recommendations

To mitigate this vulnerability effectively, European organizations should prioritize the following actions: 1) Immediate inventory and identification of all systems running Microsoft Office 2019 version 19.0.0 to assess exposure. 2) Implement strict access controls and endpoint security measures to limit local access to trusted users and devices, reducing the risk of local exploitation. 3) Employ application whitelisting and behavior-based endpoint detection to identify and block suspicious activities that may indicate exploitation attempts. 4) Monitor for any unofficial patches or advisories from Microsoft and apply official updates promptly once released. 5) Educate users about the risks of phishing and social engineering attacks that could lead to local access by attackers. 6) Utilize network segmentation to contain potential compromises and prevent lateral movement. 7) Consider deploying additional memory protection technologies such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) where applicable to hinder exploitation. 8) Regularly back up critical data and verify recovery procedures to minimize impact in case of successful attacks. These targeted measures go beyond generic advice by focusing on reducing local access risk, enhancing detection capabilities, and preparing for incident response specific to this vulnerability.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2025-05-01T17:10:57.980Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68487f521b0bd07c39389c53

Added to database: 6/10/2025, 6:54:10 PM

Last enriched: 7/10/2025, 9:47:49 PM

Last updated: 8/3/2025, 12:37:27 AM

Views: 21

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats