PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-47953 Microsoft CVE debrief

CVE-2025-47953 is a high-severity Microsoft Office vulnerability that allows an unauthorized attacker to execute code locally. The supplied record describes the root cause as a use-after-free (the weakness normally mapped to CWE-416), while NVD's weakness field in the stored metadata lists CWE-641 (improper restriction of names for files and other resources); the two labels disagree, so treat the root cause as unconfirmed until Microsoft's advisory settles it. The severity does not hinge on that label: the CVSS vector scores local attack conditions with no privileges or user interaction required and high confidentiality, integrity, and availability impact. Note that "local" is the CVSS 3.1 convention for bugs triggered by processing a file on the endpoint, not a statement that the attacker needs an account on the machine; a crafted document delivered by email or file share is the usual path for Office vulnerabilities scored this way.

Vendor
Microsoft
Product
Microsoft 365 Apps for enterprise
CVSS
HIGH 8.4
CISA KEV
Not listed in stored evidence
Original CVE published
2025-06-10
Original CVE updated
2025-07-09
Advisory published
2025-06-10
Advisory updated
2025-07-09

Who should care

Endpoint and desktop security teams, Microsoft 365/Office administrators, and SOC teams monitoring managed Windows and Office environments should prioritize this CVE. It is especially relevant for organizations running the affected Office families listed by NVD, including Microsoft 365 Apps for enterprise, Office for Android, Office 2016, Office 2019, and Office LTSC 2021/2024.

Technical summary

The official record characterizes CVE-2025-47953 as a local code execution issue in Microsoft Office with CVSS 3.1 vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (8.4 High). NVD marks the Microsoft Office products listed above as vulnerable and associates the weakness with CWE-641 in the supplied metadata. Because the bug is reached by processing a crafted file on the endpoint rather than over the network, and needs neither privileges nor user interaction once the file is handled, the defensive concerns are the population of unpatched Office installs and the channels (mail, shares, downloads) through which documents reach them. Check the advisory FAQ for whether the Preview Pane is listed as an attack vector; if it is, an attachment can trigger the vulnerability without being opened.

Defensive priority

High priority. Although the attack vector is local, the combination of no privileges, no user interaction, and full CIA impact makes this a strong candidate for expedited patching and endpoint-wide exposure review.
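One way to carry out the endpoint exposure review on a Windows host, as an added example that is not code from PatchSiren, Microsoft, or the CVE record: the script reads the Click-to-Run configuration key and the MSI uninstall entries, then compares the running Click-to-Run build against a minimum fixed build. The fixed build for each update channel is not given on this page, so $minimumFixedBuild is a placeholder to be replaced with the value from the MSRC advisory's security-updates table.

```powershell
# Added example (not from PatchSiren, Microsoft, or the CVE record): inventory
# Office installs on a Windows host and compare the Click-to-Run build against a
# minimum fixed build. $minimumFixedBuild is a PLACEHOLDER; take the real build
# for each update channel from the MSRC advisory for CVE-2025-47953.

function Get-OfficeInstallState {
    $results = @()

    # Click-to-Run (Microsoft 365 Apps, Office 2019, LTSC 2021/2024) records the
    # running build, bitness, products and update channel under this key.
    $c2rKey = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    if (Test-Path $c2rKey) {
        $cfg = Get-ItemProperty -Path $c2rKey
        $results += [pscustomobject]@{
            InstallType = 'ClickToRun'
            Products    = $cfg.ProductReleaseIds
            Platform    = $cfg.Platform
            Version     = [version]$cfg.VersionToReport
            Channel     = $cfg.UpdateChannel
        }
    }

    # MSI-based Office 2016 only appears in the uninstall keys. Its DisplayVersion
    # does not advance with security updates, so a build comparison is not enough
    # for MSI installs; the advisory's KB must be confirmed separately.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $msi = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -like 'Microsoft Office*' -and $_.DisplayVersion -and
            -not $_.SystemComponent -and
            $_.UninstallString -notmatch 'OfficeClickToRun'   # skip C2R duplicates
        } |
        ForEach-Object {
            [pscustomobject]@{
                InstallType = 'MSI'
                Products    = $_.DisplayName
                Platform    = $null
                Version     = [version]$_.DisplayVersion
                Channel     = $null
            }
        }
    $results += $msi
    return $results
}

function Test-OfficeBuildFixed {
    param(
        [Parameter(Mandatory)][version]$Installed,
        [Parameter(Mandatory)][version]$MinimumFixed
    )
    # Office builds have the form 16.0.<build>.<revision>; [version] compares
    # all four parts numerically, so a string compare is never used here.
    return $Installed -ge $MinimumFixed
}

# PLACEHOLDER (assumption): replace with the fixed build for your channel from
# the MSRC advisory. A value this low marks every C2R install as FIXED.
$minimumFixedBuild = [version]'16.0.0.0'

Get-OfficeInstallState | ForEach-Object {
    $status = if ($_.InstallType -eq 'ClickToRun') {
        if (Test-OfficeBuildFixed -Installed $_.Version -MinimumFixed $minimumFixedBuild) { 'FIXED' } else { 'EXPOSED' }
    } else {
        'VERIFY-KB'   # MSI: confirm the advisory's KB is installed instead
    }
    [pscustomobject]@{
        Host    = $env:COMPUTERNAME
        Type    = $_.InstallType
        Product = $_.Products
        Version = $_.Version
        Channel = $_.Channel
        Status  = $status
    }
} | Format-Table -AutoSize
```

Run it through your endpoint management tool or a remoting fan-out and collect the table per host. Office for Android is outside what this script can see; that population has to come from the mobile device management inventory.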

Recommended defensive actions

  • Review the Microsoft Security Response Center advisory for CVE-2025-47953 and apply the vendor’s fixed builds or mitigation guidance as soon as possible.
  • Inventory affected Office deployments, including Microsoft 365 Apps for enterprise, Office 2016/2019, Office LTSC 2021/2024, and Office for Android where applicable.
  • Prioritize remediation on managed endpoints used for document handling, especially systems with broad Office usage and elevated business impact.
  • Monitor for Office processes (WINWORD.EXE, EXCEL.EXE, POWERPNT.EXE, OUTLOOK.EXE) spawning command shells, script hosts, or other living-off-the-land binaries; this is a generic post-exploitation signal for document-borne code execution rather than a signature for this CVE, and it is the practical telemetry available while the root cause is unconfirmed.
  • Validate that patch management, application control, and endpoint protection policies are in place for Office installations across the fleet.
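The child-process check from the list above, as an added example that is not code from PatchSiren or Microsoft: a rule that flags process creations in which an Office application spawned a shell, script host, or other living-off-the-land binary, with a live reader for Sysmon Event ID 1 and a set of constructed sample records so the logic can be exercised offline. The Office parent and suspicious child lists are assumptions to tune for your environment.

```powershell
# Added example (not from PatchSiren or Microsoft): flag process creations in
# which an Office application spawned a shell, script host or other
# living-off-the-land binary. This is a generic post-exploitation signal for
# document-borne code execution, not a signature for CVE-2025-47953 itself.
# Live use reads Sysmon Event ID 1; the records at the bottom are CONSTRUCTED.

# Assumed lists; extend with the LOLBins and Office apps relevant to your fleet.
$OfficeParents = @('winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe',
                   'msaccess.exe', 'onenote.exe')
$SuspiciousChildren = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe',
                        'cscript.exe', 'mshta.exe', 'rundll32.exe', 'regsvr32.exe',
                        'certutil.exe', 'bitsadmin.exe', 'msiexec.exe', 'schtasks.exe')

function Test-OfficeSpawnedLolbin {
    param([string]$ParentImage, [string]$Image)
    if (-not $ParentImage -or -not $Image) { return $false }
    # Compare file names only; -contains is case-insensitive in PowerShell.
    $parent = [IO.Path]::GetFileName($ParentImage)
    $child  = [IO.Path]::GetFileName($Image)
    return ($OfficeParents -contains $parent) -and ($SuspiciousChildren -contains $child)
}

function Get-OfficeChildProcessAlerts {
    param([datetime]$Since = (Get-Date).AddHours(-24))
    # Sysmon Event ID 1 (process creation) carries Image, ParentImage,
    # CommandLine and User in its EventData block.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1; StartTime = $Since
    } -ErrorAction SilentlyContinue | ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if (Test-OfficeSpawnedLolbin -ParentImage $data.ParentImage -Image $data.Image) {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                User        = $data.User
                Parent      = $data.ParentImage
                Child       = $data.Image
                CommandLine = $data.CommandLine
            }
        }
    }
}

# CONSTRUCTED sample records (not real telemetry): one malicious-looking chain,
# one benign Office print helper, one shell launched from Explorer.
$sampleEvents = @(
    [pscustomobject]@{
        ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
        Image       = 'C:\Windows\System32\cmd.exe'
        CommandLine = 'cmd.exe /c powershell -nop -w hidden -c whoami'
    },
    [pscustomobject]@{
        ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
        Image       = 'C:\Windows\splwow64.exe'
        CommandLine = 'C:\Windows\splwow64.exe 12288'
    },
    [pscustomobject]@{
        ParentImage = 'C:\Windows\explorer.exe'
        Image       = 'C:\Windows\System32\cmd.exe'
        CommandLine = 'cmd.exe'
    }
)

$sampleEvents | ForEach-Object {
    [pscustomobject]@{
        Parent = [IO.Path]::GetFileName($_.ParentImage)
        Child  = [IO.Path]::GetFileName($_.Image)
        Alert  = Test-OfficeSpawnedLolbin -ParentImage $_.ParentImage -Image $_.Image
    }
} | Format-Table -AutoSize
```

On the constructed records only the first one is flagged: the WINWORD.EXE to splwow64.exe chain is normal printing behaviour, and a shell from Explorer is outside the rule's scope. For live use call Get-OfficeChildProcessAlerts on a host with Sysmon installed; the function depends on the Sysmon operational log existing and returns nothing otherwise.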

Evidence notes

Based on the official CVE record and NVD detail for CVE-2025-47953. The CVE was published on 2025-06-10 and last modified on 2025-07-09 in the supplied timeline. NVD classifies the issue as analyzed and references the Microsoft advisory. The supplied data does not indicate a KEV listing or known ransomware campaign use. Note: the supplied title/description says use-after-free, while NVD’s weakness field lists CWE-641; treat the exact root-cause label cautiously and rely on Microsoft’s advisory for remediation details.

Official resources

Microsoft Security Response Center advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47953
NVD record: https://nvd.nist.gov/vuln/detail/CVE-2025-47953
Publicly disclosed in the official CVE/NVD record on 2025-06-10 and last modified in NVD on 2025-07-09. No KEV listing is present in the supplied data.