CVE-2025-47168 – A use-after-free vulnerability in Microsoft Off... (How to Fix)

Q: What is the severity of CVE-2025-47168?

CVE-2025-47168 has a CVSS score of 7.8 (HIGH). A use-after-free vulnerability in Microsoft Office Word allows attackers to execute arbitrary code on a victim's system by tricking them into opening a malicious document. This affects users running vulnerable versions of Microsoft Word. Successful exploitation requires user interaction.

📋 TL;DR

A use-after-free vulnerability in Microsoft Office Word allows attackers to execute arbitrary code on a victim's system by tricking them into opening a malicious document. This affects users running vulnerable versions of Microsoft Word. Successful exploitation requires user interaction.

💻 Affected Systems

Products:

Microsoft Office Word

Versions: Specific versions not yet detailed in public advisory; likely affects multiple recent versions.

Operating Systems: Windows, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability requires user to open a malicious Word document; default macro settings may provide some protection.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Local code execution with user privileges, enabling malware installation, credential harvesting, or persistence mechanisms.

🟢

If Mitigated

Limited impact due to application sandboxing, restricted user permissions, or macro security settings blocking document execution.

🌐 Internet-Facing: LOW - Requires user to download and open a malicious document, not directly exploitable via network services.

🏢 Internal Only: MEDIUM - Internal phishing campaigns could exploit this if users open malicious attachments from trusted sources.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires social engineering to deliver malicious document; no public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific patch versions

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47168

Restart Required: Yes

Instructions:

1. Open Microsoft Office application
2. Go to File > Account > Update Options
3. Select 'Update Now'
4. Restart computer after update completes

🔧 Temporary Workarounds

Disable Word as email editor

windows

Prevents Word from automatically opening email attachments

Open Outlook > File > Options > Mail > Uncheck 'Use Word as email editor'

Enable Protected View

windows

Forces documents from internet to open in read-only mode

File > Options > Trust Center > Trust Center Settings > Protected View > Check all boxes

🧯 If You Can't Patch

Implement application whitelisting to block unauthorized Word documents
Use email filtering to block .doc/.docx attachments from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Word version against patched versions in Microsoft advisory

Check Version:

In Word: File > Account > About Word

Verify Fix Applied:

Verify Word version matches or exceeds patched version in Microsoft Security Update Guide

📡 Detection & Monitoring

Log Indicators:

Word crash logs with memory access violations
Unexpected Word process spawning child processes

Network Indicators:

Unusual outbound connections from Word process

SIEM Query:

Process creation where parent_process contains 'WINWORD.EXE' and command_line contains unusual parameters

📊 Metadata

CVE ID: CVE-2025-47168

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.08% exploit probability (24.3th percentile)

Published: June 10, 2025

Last Updated: July 9, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47168 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-47168, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

365 Apps by Microsoft

Office by Microsoft

Office Long Term Servicing Channel by Microsoft

Office Long Term Servicing Channel by Microsoft

Office Long Term Servicing Channel by Microsoft

Office Long Term Servicing Channel by Microsoft

Sharepoint Enterprise Server by Microsoft

Sharepoint Server by Microsoft

Word by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable Word as email editor

Enable Protected View

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities