Microsoft has disclosed three critical security vulnerabilities in its Office suite that could enable attackers to execute malicious code remotely on affected systems.
The vulnerabilities, identified as CVE-2025-53731, CVE-2025-53740, and CVE-2025-53730, were released on August 12, 2025, and pose significant security risks to organizations and individual users worldwide.
All three vulnerabilities stem from use-after-free memory corruption issues that could allow unauthorized code execution with elevated privileges.
Critical Vulnerabilities Discovered
The two most severe of the three vulnerabilities, CVE-2025-53731 and CVE-2025-53740, both carry Critical severity ratings and affect core Microsoft Office components.
Both stem from use-after-free memory corruption flaws, a common class of security weakness in which a program continues to use a block of memory after that memory has been freed.
| CVE ID | Component | Severity | CVSS Score | User Interaction | Impact |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-53731 | Microsoft Office | Critical | 8.4 / 7.3 | None Required | Remote Code Execution |
| CVE-2025-53740 | Microsoft Office | Critical | Not Specified | Not Specified | Remote Code Execution |
| CVE-2025-53730 | Microsoft Office Visio | Important | 7.8 / 6.8 | Required | Remote Code Execution |
Such vulnerabilities can be particularly dangerous as they provide attackers with opportunities to manipulate system memory and execute arbitrary code.
CVE-2025-53731 presents the highest risk, with a CVSS score of 8.4; its vector indicates that successful exploitation requires local access but no user interaction, making it especially concerning for enterprise environments.
The vulnerability allows attackers to achieve high levels of confidentiality, integrity, and availability impact on targeted systems.
The third vulnerability, CVE-2025-53730, specifically targets Microsoft Office Visio and carries an Important severity rating.
While slightly less severe than its counterparts, this vulnerability still poses substantial risks, particularly for organizations that rely heavily on Visio for business-critical diagram and flowchart creation.
The discovery of these vulnerabilities highlights the ongoing challenges organizations face in maintaining secure computing environments.
Use-after-free vulnerabilities are particularly concerning because they can be exploited to bypass modern security mechanisms and achieve reliable code execution on target systems.
Security researchers emphasize that these vulnerabilities could be weaponized by threat actors to deploy malware, steal sensitive information, or establish persistent access to compromised networks.
The local attack vector requirement for CVE-2025-53731 and CVE-2025-53740 suggests that attackers would need initial access to target systems, potentially through phishing campaigns or other social engineering techniques.
Organizations should prioritize applying security updates as soon as Microsoft releases patches for these vulnerabilities.
IT administrators are advised to monitor Microsoft’s security advisories closely and implement appropriate network segmentation and access controls to limit potential exploitation opportunities until patches become available.