Use After Free Vulnerability in Microsoft Office PowerPoint
CVE-2025-47175

7.8HIGH

Key Information:

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-47175?

A use after free vulnerability exists within Microsoft Office PowerPoint that can potentially allow an unauthorized attacker to execute arbitrary code on a user's system. This flaw occurs when the application improperly manages memory, specifically in scenarios where an object is freed but still accessed thereafter. Attackers exploiting this vulnerability could gain the same user rights as the logged-in user, leading to the possibility of executing malicious scripts that compromise the system's integrity.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.