CVE-2025-47168: 
vulnerability analysis and mitigation

CVE-2025-47168 is a remote code execution vulnerability affecting Microsoft Word that was disclosed on June 10, 2025. The vulnerability is classified as a use-after-free issue that allows an unauthorized attacker to execute code locally on affected systems. The vulnerability specifically impacts Microsoft Word 2016 and related Office products (Wiz, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access and user interaction to exploit, but can result in high impacts to confidentiality, integrity, and availability. The vulnerability is classified as CWE-416 (Use After Free), which occurs when previously freed memory is accessed (NVD).

If successfully exploited, this vulnerability allows an unauthorized attacker to execute code locally on the affected system with the privileges of the current user (NVD, Wiz).

Microsoft has released security update KB5002710 to address this vulnerability. The update is available through Microsoft Update, Microsoft Update Catalog, and as a standalone package through the Microsoft Download Center. Users of Microsoft Word 2016 should apply the security update immediately (Wiz).