CVE-2025-27748: 
vulnerability analysis and mitigation

A use-after-free vulnerability in Microsoft Office (CVE-2025-27748) was disclosed on April 8, 2025. This security flaw allows an unauthorized attacker to execute code locally on affected systems. The vulnerability affects various versions of Microsoft Office 2016, including Office Standard, Professional, Professional Plus, Home and Business, and Home and Student editions (Microsoft Support).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-416 (Use After Free) (NVD).

If successfully exploited, this vulnerability could allow an unauthorized attacker to execute code locally on the affected system, potentially leading to full system compromise with the same privileges as the logged-in user (NVD).

Microsoft has released security update KB5002700 to address this vulnerability. The update can be obtained through Microsoft Update, Microsoft Update Catalog, or the Microsoft Download Center. Users should note that after installing KB5002700, they must also install KB5002623 (April 10, 2025 update) to resolve a known issue where Microsoft Word, Excel, and Outlook might stop responding (Microsoft Support).