CVE-2025-24079: 
vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2025-24079) was discovered in Microsoft Office Word, disclosed on March 11, 2025. This security flaw affects multiple Microsoft Office products including Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, and Microsoft Word 2016 (NVD, Microsoft Support).

The vulnerability is classified as a use-after-free (CWE-416) issue that could allow code execution. It has received a CVSS v3.1 base score of 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The attack vector is local, requiring user interaction but no privileges, and potentially impacts confidentiality, integrity, and availability at a high level (NVD).

If successfully exploited, this vulnerability allows an unauthorized attacker to execute code locally on the affected system, potentially leading to complete compromise of the system's confidentiality, integrity, and availability (NVD).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the latest security updates through Microsoft Update or download the standalone update package through the Microsoft Update Catalog. For Microsoft Office 2016, the security update KB5002662 has been released (Microsoft Support).