CVE-2025-24079
Published: 11 March 2025
Summary
CVE-2025-24079 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Office Long Term Servicing Channel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 43.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the use-after-free vulnerability in Microsoft Office Word by requiring timely application of vendor patches to prevent local code execution.
Implements memory protection mechanisms like ASLR and DEP to block unauthorized code execution from use-after-free exploits in Word.
Deploys malicious code protection tools to scan and block malicious Word documents exploiting the use-after-free vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free in Office Word enables arbitrary code execution via malicious document requiring user interaction, directly mapping to client-side exploitation (T1203) and malicious file execution (T1204.002).
NVD Description
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Deeper analysisAI
CVE-2025-24079 is a use-after-free vulnerability (CWE-416) in Microsoft Office Word. Published on 2025-03-11, it carries a CVSS v3.1 base score of 7.8 (High), with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The flaw enables an unauthorized attacker to execute code locally on affected systems running vulnerable versions of Microsoft Office Word.
An attacker can exploit this vulnerability with local access to the target system, requiring no privileges (PR:N) but necessitating user interaction (UI:R), such as convincing a user to open a malicious Word document. Successful exploitation leads to arbitrary code execution in the context of the Word process, granting high-impact confidentiality, integrity, and availability consequences (C:H/I:H/A:H) without changing scope.
The Microsoft Security Response Center (MSRC) provides detailed guidance on this vulnerability, including mitigation steps and patches, via its update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24079. Security practitioners should consult this resource for affected versions and deployment instructions.
Details
- CWE(s)