Redazione RHC : 14 August 2025 07:42
Three serious vulnerabilities in Microsoft Office that could allow attackers to execute remote code on affected systems have been addressed by Microsoft with the release of crucial security updates.
These vulnerabilities, tracked under CVE-2025-2025-53731, 53740, and 53730-2025, pose risks to organizations and users worldwide.
Both CVE-2025-53731 and CVE-2025-53740 have received critical severity ratings with CVSS base scores of 8.4, while CVE-2025-53730, which affects Microsoft Office Visio has been classified as important with a CVSS score of 7.8.
These bugs stem from use-after-free memory corruption issues, classified as CWE-416 in the Common Weakness Enumeration database.
These vulnerabilities share a standard attack pattern in which malicious attackers can exploit memory management flaws to execute arbitrary code locally on target systems.
Assessments indicate low attack complexity, no privileges required, and no user interaction required for exploitation.
Particularly alarming is the fact that the preview pane serves as an attack vector for CVE-2025-53731 and CVE-2025-53740, meaning users could be compromised simply by viewing previews of malicious Office documents.
The vulnerabilities affect a wide range of Microsoft Office products, including Microsoft Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Microsoft 365 Apps for Enterprise, in both 32-bit and 64-bit architectures.
Mac users are also at risk, with Microsoft Office LTSC for Mac versions 2021 and 2024 requiring immediate updates. The widespread impact affects millions of users in enterprise and consumer environments worldwide.
Redazione