CVE-2025-59238: 
vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2025-59238) was discovered in Microsoft Office PowerPoint, disclosed on October 14, 2025. This vulnerability affects multiple versions of Microsoft PowerPoint and Office products, including PowerPoint 2016, Microsoft 365 Apps Enterprise (x86 and x64), Office 2019, and Office Long Term Servicing Channel 2021 and 2024 versions (NVD).

The vulnerability is classified as a Use After Free (CWE-416) issue in Microsoft PowerPoint. Microsoft has assigned it a CVSS v3.1 base score of 7.8 (High), with a vector string of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This scoring indicates that the vulnerability requires local access and user interaction, but no privileges, while potentially impacting confidentiality, integrity, and availability at high levels (NVD).

If successfully exploited, this vulnerability allows an unauthorized attacker to execute code locally on the affected system. The high CVSS score indicates severe potential impacts on system confidentiality, integrity, and availability (NVD).

Microsoft has released security update KB5002790 to address this vulnerability. The update is available through Microsoft Update, Microsoft Update Catalog, and as a standalone package through the Microsoft Download Center. Users are advised to apply the security update immediately (Microsoft Support).