CVE-2025-47162 Microsoft CVE debrief

Who should care

Organizations that manage Microsoft Office across Windows, macOS, Android, or Microsoft 365 Apps should care, especially desktop, endpoint, and software-update teams responsible for LTSC servicing.

Technical summary

The NVD record describes a local attack vector with low complexity and no privileges required (CVSS 3.1: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The weakness is identified as CWE-122, indicating a heap-based buffer overflow in Microsoft Office.

Defensive priority

High. The issue can lead to local code execution in widely deployed Office products, so remediation should be prioritized on endpoints running the affected builds.

Recommended defensive actions

• Apply the Microsoft security update referenced by the MSRC advisory for CVE-2025-47162.
• Inventory affected Office installations and channels, including Microsoft 365 Apps for enterprise, Office 2016/2019, Office LTSC 2021/2024, and any applicable macOS or Android deployments listed in the advisory.
• Prioritize patching on systems where local attacker footholds are plausible, such as managed desktops and shared endpoints.
• Validate update deployment for LTSC and other managed Office servicing channels to confirm the fix reaches all targeted installations.
• Use endpoint monitoring to watch for unexpected Office crashes or anomalous behavior after remediation, as a general hardening check.

Evidence notes

The supplied NVD record is marked 'Analyzed' and cites the Microsoft MSRC advisory as the vendor reference. The corpus shows the CVE published on 2025-06-10 and modified on 2025-07-09. No KEV entry is present in the provided enrichment.

Official resources