CVE-2025-47957 is a use-after-free vulnerability classified under CWE-416 found in Microsoft Office Word, part of Microsoft 365 Apps for Enterprise version 16.0.1. Use-after-free vulnerabilities occur when a program continues to use a pointer after the memory it points to has been freed, leading to undefined behavior including arbitrary code execution. This specific vulnerability allows an attacker to execute code locally without requiring privileges or user interaction, indicating a low barrier to exploitation. The CVSS v3.1 base score is 8.4, reflecting high impact on confidentiality, integrity, and availability. The vulnerability is exploitable locally (AV:L), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The scope is unchanged (S:U), meaning the impact is confined to the vulnerable component. The exploitability and impact metrics suggest that successful exploitation could lead to complete system compromise, including data theft, system manipulation, or denial of service. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be considered critical for organizations relying on Microsoft 365 Apps for Enterprise. The vulnerability was reserved in mid-May 2025 and published in June 2025, indicating recent discovery and disclosure.

The vulnerability poses a significant risk to organizations worldwide using Microsoft 365 Apps for Enterprise, especially version 16.0.1. Successful exploitation can lead to arbitrary code execution with full impact on confidentiality, integrity, and availability, potentially allowing attackers to steal sensitive data, manipulate documents, install malware, or disrupt business operations. Since no privileges or user interaction are required, the attack surface is broad, increasing the likelihood of exploitation in internal environments or through compromised endpoints. Enterprises with heavy reliance on Microsoft Office Word for document processing are particularly vulnerable. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate it, as attackers may develop exploits rapidly following public disclosure. The vulnerability could be leveraged in targeted attacks against high-value targets or in widespread campaigns affecting numerous organizations.

Organizations should immediately inventory their Microsoft 365 Apps for Enterprise deployments to identify affected versions, specifically version 16.0.1. Although no official patches are currently available, organizations should monitor Microsoft security advisories closely and apply updates promptly once released. In the interim, applying application control policies to restrict execution of untrusted code and documents can reduce risk. Employing endpoint detection and response (EDR) solutions to monitor for suspicious behavior related to Office Word processes is recommended. Restricting local access to trusted users and enforcing least privilege principles can limit exploitation opportunities. Network segmentation to isolate critical systems and disabling unnecessary macros or scripting features in Office documents can further mitigate attack vectors. Regular user awareness training about the risks of opening untrusted documents remains important despite no user interaction being required for this exploit, as it reduces overall attack surface. Finally, organizations should prepare incident response plans to quickly address potential exploitation.