Remote Code Execution Vulnerability in Microsoft Outlook
CVE-2025-47176
What is CVE-2025-47176?
CVE-2025-47176 is a remote code execution vulnerability found within Microsoft Outlook, a widely used email client that facilitates communication and organization through email services. This vulnerability allows an authorized attacker to execute arbitrary code on the local system, compromising the integrity, confidentiality, and availability of user data and functions. Given the prevalent use of Outlook in corporate environments for managing communications and schedules, exploitation of this flaw could lead to significant disruptions. Attackers may leverage this vulnerability to manipulate email accounts, access sensitive information, or deploy further attacks within the network.
The vulnerability stems from insufficient validation of user input within Outlook processes, which could be exploited to run malicious scripts or commands without proper authentication checks.
Potential Impact of CVE-2025-47176
- Unauthorized Code Execution: The primary risk associated with CVE-2025-47176 is the potential for unauthorized code execution on user devices. If successfully exploited, attackers could gain control over the affected systems, allowing them to install malware, steal data, or conduct other malicious activities.
- Data Breaches: Organizations relying on Microsoft Outlook for daily operations may face severe data breaches as a result of this vulnerability. Sensitive corporate communications or client data could be accessed by malicious actors, leading to privacy violations and financial repercussions.
- Increased Attack Surface: This vulnerability could serve as an entry point for further attacks, widening an organization’s attack surface. By compromising Outlook, attackers may pivot to other systems within the organization’s network, making it easier to carry out advanced persistent threat or ransomware attacks and increasing the overall risk to organizational security.
Affected Version(s)
Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1
Microsoft Office LTSC 2024 32-bit Systems 1.0.0