Skip to main content

CVE-2025-47175: CWE-416: Use After Free in Microsoft Microsoft Office 2019

High
VulnerabilityCVE-2025-47175cvecve-2025-47175cwe-416
Published: Tue Jun 10 2025 (06/10/2025, 17:02:43 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Microsoft Office 2019

Description

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

AI-Powered Analysis

AILast updated: 07/17/2025, 21:08:33 UTC

Technical Analysis

CVE-2025-47175 is a high-severity use-after-free vulnerability identified in Microsoft Office 2019, specifically within the PowerPoint component. The vulnerability is classified under CWE-416, which pertains to use-after-free errors where a program continues to use memory after it has been freed. This flaw allows an unauthorized attacker to execute arbitrary code locally on the affected system. The vulnerability requires local access (Attack Vector: Local), does not require privileges (Privileges Required: None), but does require user interaction (User Interaction: Required), such as opening a malicious PowerPoint file. The vulnerability impacts confidentiality, integrity, and availability, all rated as high. The CVSS v3.1 base score is 7.8, indicating a high severity level. The vulnerability is exploitable without elevated privileges but requires the victim to interact with a crafted file, which could be delivered via phishing or other social engineering methods. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that organizations should prioritize monitoring and mitigation. The vulnerability's exploitation could lead to full compromise of the affected system, allowing attackers to execute arbitrary code, potentially leading to data theft, system manipulation, or further lateral movement within a network.

Potential Impact

For European organizations, this vulnerability poses a significant risk due to the widespread use of Microsoft Office 2019 in corporate, governmental, and educational environments. Successful exploitation could lead to unauthorized code execution on user machines, potentially resulting in data breaches, intellectual property theft, disruption of business operations, and compromise of sensitive information. Given the high confidentiality, integrity, and availability impacts, an attacker could manipulate or exfiltrate critical data or deploy ransomware or other malware. The requirement for user interaction means phishing campaigns or malicious document distribution could be effective attack vectors, which are common threat tactics in Europe. The lack of known exploits currently provides a window for proactive defense, but the absence of patches increases urgency for mitigations. Organizations handling sensitive personal data under GDPR face additional regulatory risks if breaches occur due to this vulnerability.

Mitigation Recommendations

European organizations should implement the following specific mitigations: 1) Enforce strict email filtering and attachment scanning to block or quarantine suspicious PowerPoint files, reducing the risk of malicious document delivery. 2) Educate users on the dangers of opening unsolicited or unexpected Office documents, emphasizing verification of sender identity. 3) Employ application whitelisting and sandboxing technologies to restrict execution of unauthorized code and isolate Office applications. 4) Utilize endpoint detection and response (EDR) solutions to monitor for anomalous behavior indicative of exploitation attempts. 5) Maintain up-to-date backups to enable recovery in case of compromise. 6) Monitor official Microsoft channels closely for patches or updates addressing CVE-2025-47175 and apply them promptly upon release. 7) Consider disabling or restricting macros and embedded content in PowerPoint files where feasible. 8) Implement network segmentation to limit lateral movement if a local compromise occurs. These targeted steps go beyond generic advice by focusing on the specific attack vector and exploitation requirements of this vulnerability.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2025-05-01T17:10:57.981Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68487f501b0bd07c39389955

Added to database: 6/10/2025, 6:54:08 PM

Last enriched: 7/17/2025, 9:08:33 PM

Last updated: 8/6/2025, 6:26:39 AM

Views: 20

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats