CVE-2025-47173: 
vulnerability analysis and mitigation

CVE-2025-47173 is a Remote Code Execution (RCE) vulnerability affecting Microsoft Office, discovered and disclosed on June 10, 2025, as part of Microsoft's June 2025 Patch Tuesday security updates. The vulnerability stems from improper input validation in Microsoft Office that allows an unauthorized attacker to execute code locally (Wiz Report, NVD Details).

The vulnerability has a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, and user interaction required. Unlike other Office vulnerabilities patched in the same update, CVE-2025-47173 does not use the Preview Pane as an attack vector, requiring user interaction for successful exploitation (NVD Details, Wiz Report).

If successfully exploited, the vulnerability allows an unauthorized attacker to execute arbitrary code locally on the affected system. The vulnerability affects confidentiality, integrity, and availability with high impact ratings. The attack requires user interaction, making it less severe than other Office vulnerabilities patched in the same update cycle (NVD Details).

Microsoft has released a security update to address this vulnerability as part of their June 2025 Patch Tuesday. Users are advised to apply the latest security updates to their Microsoft Office installations to mitigate this vulnerability (Microsoft Patch).