Microsoft released critical security updates, addressing three serious vulnerabilities in Microsoft Office that could allow attackers to execute remote code on affected systems.
The vulnerabilities, tracked as CVE-2025-53731, CVE-2025-53740, and CVE-2025-53730, affect multiple versions of Microsoft Office and pose significant security risks to organizations and individual users worldwide.
Key Takeaways
1. Critical Office flaws enable code execution via document preview
2. All Office versions 2016-2024 affected, millions at risk
3. Patches released August 12 – install immediately
Use-After-Free Flaws
The newly disclosed vulnerabilities stem from use-after-free memory corruption issues, classified under CWE-416 in the Common Weakness Enumeration database.
Both CVE-2025-53731 and CVE-2025-53740 received Critical severity ratings with CVSS base scores of 8.4, while CVE-2025-53730, affecting Microsoft Office Visio, was rated as Important with a CVSS score of 7.8.
These vulnerabilities share a standard attack pattern where unauthorized attackers can exploit memory management flaws to execute arbitrary code locally on target systems.
The technical specifications reveal concerning attack vectors, with both critical vulnerabilities featuring a CVSS vector string of CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C.
This indicates low attack complexity, no privileges required, and no user interaction needed for exploitation.
Particularly alarming is that the Preview Pane serves as an attack vector for CVE-2025-53731 and CVE-2025-53740, meaning users could be compromised simply by previewing malicious Office documents.
The vulnerabilities affect a comprehensive range of Microsoft Office products, including Microsoft Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Microsoft 365 Apps for Enterprise across both 32-bit and 64-bit architectures.
Mac users are also at risk, with Microsoft Office LTSC for Mac 2021 and 2024 versions requiring immediate updates. The widespread impact encompasses millions of users across corporate and consumer environments globally.
Security researchers 0x140ce[LLMole], Li Shuang, and willJ with Vulnerability Research Institute, and researchers from Zscaler’s ThreatLabz were credited with discovering these vulnerabilities through coordinated disclosure processes.
Microsoft’s Security Response Center (MSRC) has confirmed that none of these vulnerabilities have been publicly disclosed or exploited in the wild, with exploitability assessments ranging from “Exploitation Unlikely” to “Exploitation Less Likely”.
| CVE | Title | CVSS 3.1 Score | Severity |
| CVE-2025-53731 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-53740 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-53730 | Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 | Important |
Mitigations
Microsoft has released comprehensive security updates for all affected Office versions, with update KB5002756 addressing the vulnerabilities in Office 2016 editions.
For newer Office versions, updates are delivered through Click-to-Run mechanisms, with detailed information available through Microsoft’s official security release channels.
Organizations should prioritize the immediate deployment of these updates, given the critical nature of the vulnerabilities and the potential for exploitation of the Preview Pane.
Security teams should establish comprehensive vulnerability management programs that extend beyond traditional patch management, incorporating threat intelligence feeds and proactive monitoring for indicators of compromise (IOCs).
Boost your SOC and help your team protect your business with free top-notch threat intelligence: Request TI Lookup Premium Trial.
Source link
