Use After Free Vulnerability in Microsoft Office Word
CVE-2025-62555

7HIGH

Key Information:

Vendor

Microsoft
Status
Microsoft Sharepoint Enterprise Server 2016
Microsoft Sharepoint Server 2019
Microsoft Office 2019
Microsoft 365 Apps For Enterprise
Vendor
CVE Published:
9 December 2025

What is CVE-2025-62555?

A use after free vulnerability in Microsoft Office Word enables an unauthorized attacker to potentially execute arbitrary code locally. By exploiting this vulnerability, attackers can manipulate memory allocations to execute malicious code, resulting in a breach of system integrity and security. Users are advised to apply the latest security updates to safeguard against potential exploitation.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office 2019 32-bit Systems 19.0.0

Microsoft Office LTSC 2021 x64-based Systems 16.0.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-62555 : Use After Free Vulnerability in Microsoft Office Word