CVE-2025-53738: 
vulnerability analysis and mitigation

A use-after-free vulnerability has been identified in Microsoft Office Word (CVE-2025-53738), discovered and disclosed on August 12, 2025. This vulnerability affects multiple versions of Microsoft Office products including Microsoft 365 Apps Enterprise, Office 2019, Word 2016, and various Office Long Term Servicing Channel versions across different platforms (x86, x64, and macOS) (NVD).

The vulnerability is classified as a use-after-free (CWE-416) issue that could allow unauthorized attackers to execute code locally. Microsoft has assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, and user interaction required (NVD).

The vulnerability poses significant security risks with high potential impact on confidentiality, integrity, and availability of the affected systems. If successfully exploited, it allows an unauthorized attacker to execute code locally on the affected system (NVD).

Microsoft has released security updates to address this vulnerability. Users can obtain the update through multiple channels including Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. For Word 2016, the security update KB5002763 is available and replaces the previously released security update 5002745 (Microsoft Support).