CVE-2025-53733: 
vulnerability analysis and mitigation

CVE-2025-53733 is a security vulnerability discovered in Microsoft Office Word that involves incorrect conversion between numeric types. The vulnerability was disclosed on August 12, 2025, and affects multiple versions of Microsoft Office products including SharePoint Enterprise Server 2016, SharePoint Server 2019, Microsoft 365 Apps, and various versions of Microsoft Office and Word (NVD).

The vulnerability is classified as CWE-681 (Incorrect Conversion between Numeric Types) and has received a CVSS v3.1 base score of 8.4 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates local attack vector, low attack complexity, no privileges required, no user interaction needed, and high impact on confidentiality, integrity, and availability (NVD).

The vulnerability allows an unauthorized attacker to execute code locally on affected systems, potentially compromising the security of the system by gaining control over Microsoft Word applications (NVD).

Microsoft has released security updates to address this vulnerability. The updates are available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. For Word 2016, the security update KB5002763 has been released to address this and other vulnerabilities (Microsoft Support).