CVE-2025-47169: 
vulnerability analysis and mitigation

A heap-based buffer overflow vulnerability (CVE-2025-47169) was discovered in Microsoft Office Word and disclosed on June 10, 2025. The vulnerability affects Microsoft Word installations and allows unauthorized attackers to execute code locally (NVD, Wiz).

The vulnerability is classified as a heap-based buffer overflow (CWE-122) with a CVSS v3.1 base score of 7.8 (HIGH). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring no privileges (PR:N) but needs user interaction (UI:R). The scope is unchanged (S:U), with high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD, Wiz).

If successfully exploited, this vulnerability allows an unauthorized attacker to execute arbitrary code in the context of the current user. Given the high impact ratings for confidentiality, integrity, and availability, successful exploitation could lead to complete system compromise within the scope of the affected user's privileges (Wiz).

Microsoft has released security updates to address this vulnerability. Users should apply the security update KB5002710 for affected versions of Microsoft Word. The update is available through Microsoft Update, Microsoft Update Catalog, and the Microsoft Download Center (Wiz).