Multiple Microsoft Office Vulnerabilities Enable Remote Code Execution by Attackers
Microsoft has disclosed four critical remote code execution (RCE) vulnerabilities in its Office suite as part of the June 2025 Patch Tuesday updates, posing significant risks to organizations and individuals who depend on the widely used productivity software.
The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-47164, and CVE-2025-47167, each carry a CVSS v3.1 base score of 8.4 and a temporal score of 7.3. A base score of 8.4 with a local attack vector and high confidentiality, integrity, and availability impact corresponds to the vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: low attack complexity, no privileges required, and no user interaction, the last of which is how Microsoft scores Office parsing bugs that can be triggered without the user explicitly opening the file (for example from the Outlook Preview Pane). The lower temporal score reflects that no exploit was known and an official fix was available when the advisory was published.
As of this update none of the four has been exploited in the wild or publicly disclosed, but Microsoft's Exploitability Index rates three of them "Exploitation More Likely", which makes prompt patching urgent.
These vulnerabilities arise from memory corruption and input validation failures during document parsing: an attacker who can get a crafted file onto a victim's machine and have Office render it can take control of the affected system.
The most severe of these, CVE-2025-47162, is a heap-based buffer overflow (CWE-122) in Office's document parsing logic.
A crafted file that declares a length larger than the buffer allocated for it causes writes past the end of the heap allocation, corrupting adjacent objects. An overflow primitive by itself does not defeat Address Space Layout Randomization (ASLR); in practice attackers chain it with an information leak that reveals module addresses, or use the corruption to manufacture such a leak, before redirecting execution.
CVE-2025-47164 and CVE-2025-47167 are a use-after-free (CWE-416) and a type confusion (CWE-843), respectively.
In the first, Office keeps using an object after its memory has been released, so attacker-controlled data placed into the freed slot is treated as a live object; in the second, a value of one type is accessed as if it were another, so attacker-controlled fields are interpreted as pointers or lengths. Either mistake lets a crafted document steer memory reads and writes, and from there reach arbitrary code execution.
In contrast, CVE-2025-47953 does not involve memory corruption; it stems from improper restriction of names for files and other resources (CWE-641), which lets specially crafted filenames slip past Office's file validation checks and, per Microsoft's rating, leads to code execution.
All four vulnerabilities carry a local attack vector (CVSS AV:L). For Office bugs this does not mean the attacker needs an account or an existing foothold on the machine: Microsoft scores file-parsing flaws as local because the malicious file is processed on the victim's system after being delivered by email, download, or a file share. Successful exploitation yields code execution with the privileges of the user running Office, with full impact on confidentiality, integrity, and availability (CVSS Impact Metrics: C:H/I:H/A:H), and full system control when that user is an administrator.
Microsoft attributes these issues to insufficient bounds checks, memory management errors, and validation oversights during document processing.
The presence of multiple critical RCE vulnerabilities within a single software suite significantly increases risk, especially for enterprises that routinely handle untrusted files.
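To make "insufficient bounds checks" concrete, here is an added example written for this article (it is not Microsoft code, and the length-prefixed record format it parses is invented for illustration): a parser that applies the two checks a heap-overflow-free parser needs, next to the wrapped-arithmetic check that lets a crafted length through.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy record format, constructed for this example (not any real Office
 * structure): a stream of records, each a 4-byte little-endian payload
 * length followed by that many payload bytes.  A real document parser walks
 * hundreds of such length-prefixed structures, which is where a bounds
 * check tends to go missing. */

#define MAX_PAYLOAD 64   /* size of the fixed buffer a payload is copied into */

/* Bounds check as it is often written.  offset + len is computed in 32-bit
 * unsigned arithmetic and wraps, so an attacker-chosen len close to 2^32
 * makes the sum small and the check passes. */
bool record_fits_naive(uint32_t offset, uint32_t len, uint32_t size)
{
    return offset + len <= size;
}

/* Hardened check: never form offset + len; compare len with the space that
 * actually remains, after confirming offset itself is inside the file. */
bool record_fits_safe(uint32_t offset, uint32_t len, uint32_t size)
{
    if (offset > size)
        return false;
    return len <= size - offset;
}

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* What a parser built on the naive check would decide about the first
 * record: true means it would go on to memcpy len bytes.  It performs no
 * copy itself, so it is safe to call on hostile input. */
bool naive_parser_accepts(const uint8_t *buf, uint32_t size)
{
    if (size < 4)
        return false;
    return record_fits_naive(4, read_le32(buf), size);
}

/* Hardened parser.  Every payload must fit both the file (source bounds)
 * and the destination buffer (sink bounds); CWE-122 is what you get when
 * only one of the two is checked.  Returns the record count, or -1 if the
 * input is malformed. */
int parse_records(const uint8_t *buf, uint32_t size)
{
    uint8_t payload[MAX_PAYLOAD];
    uint32_t off = 0;
    int count = 0;

    while (off < size) {
        if (!record_fits_safe(off, 4, size))    /* header must fit */
            return -1;
        uint32_t len = read_le32(buf + off);
        off += 4;
        if (!record_fits_safe(off, len, size))  /* payload must fit the file */
            return -1;
        if (len > sizeof payload)               /* ...and the destination */
            return -1;
        memcpy(payload, buf + off, len);
        off += len;
        count++;
    }
    return count;
}

/* Constructed sample inputs. */
static const uint8_t sample_benign[] = {   /* two records: "abc", "xy" */
    3, 0, 0, 0, 'a', 'b', 'c',
    2, 0, 0, 0, 'x', 'y'
};
static const uint8_t sample_wrap[] = {     /* len = 0xFFFFFFFC: 4 + len wraps to 0 */
    0xFC, 0xFF, 0xFF, 0xFF, 'A', 'B', 'C', 'D'
};
static const uint8_t sample_big[104] = {   /* len = 100: fits the file, not the buffer */
    0x64, 0x00, 0x00, 0x00
};

int main(void)
{
    printf("benign: %d records\n", parse_records(sample_benign, sizeof sample_benign));
    printf("wrapping length: naive parser would copy? %d, hardened result %d\n",
           naive_parser_accepts(sample_wrap, sizeof sample_wrap),
           parse_records(sample_wrap, sizeof sample_wrap));
    printf("oversized payload: naive parser would copy? %d, hardened result %d\n",
           naive_parser_accepts(sample_big, sizeof sample_big),
           parse_records(sample_big, sizeof sample_big));
    return 0;
}
```

The two crafted inputs fail in different places: the wrapping length passes only the naive source check, while the 100-byte payload passes even the correct source check and is caught only by the comparison against the destination buffer. A parser that checks one without the other is the pattern behind most CWE-122 advisories.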
Mitigation and Response
Microsoft has released security updates to address all four vulnerabilities as part of its June 2025 Patch Tuesday cycle.
Organizations are urged to apply the relevant updates immediately. Both Office 2019 and Microsoft 365 Apps are Click-to-Run installations that receive the fix as an updated build through their configured update channel rather than as a standalone KB package; consult the Microsoft advisory for each CVE for the fixed build number that applies to your channel and for the KB articles that apply to MSI-based installations.
For systems that cannot be patched right away, reduce the chance that a crafted file is ever parsed with the user's full privileges: keep Protected View enabled for files from the internet, Outlook attachments and other untrusted locations; isolate untrusted documents with Application Guard for Office where it is already deployed (Microsoft has announced its deprecation in favor of Protected View, so do not build new controls on it); and block or quarantine unexpected Office file types at email gateways. Macro settings are not a mitigation here: these are parsing bugs that trigger without any macro, so hardening the "Enable all macros without notification" setting, while good practice, does nothing against these four CVEs.
Although there is currently no evidence of active exploitation, the high likelihood of future attacks for three of the vulnerabilities demands rapid action.
Security teams should monitor for unusual document processing activity, in particular Office processes (WINWORD.EXE, EXCEL.EXE, POWERPNT.EXE, OUTLOOK.EXE) spawning command interpreters, script hosts or other unexpected child processes, which is the most common post-exploitation signature of document-borne code execution, and educate users about the risks of opening untrusted files.
Because these are memory-safety and validation bugs rather than macro abuse, a malicious document need contain no script and will not be caught by controls that key on macros or on a known file signature; detection has to rest on behavior, such as the child-process and network activity of Office after a file is opened. In the longer term, the recurrence of CWE-122, CWE-416 and CWE-843 in document parsers is the argument for memory-safe languages and for fuzzing those parsers before attackers do.