CVE-2025-47994
Published: 08 July 2025
Summary
CVE-2025-47994 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft Office. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks in the top 19.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).
Deeper analysis
CVE-2025-47994 is a deserialization of untrusted data vulnerability, tracked under CWE-502, that affects Microsoft Office. It received a CVSS v3.1 base score of 7.8, reflecting a local attack vector, low attack complexity, no required privileges, and required user interaction, with high impact to confidentiality, integrity, and availability.
An unauthorized attacker can exploit the flaw locally when a user opens or interacts with specially crafted content, enabling the attacker to elevate privileges on the affected system without any prior access rights.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47994 supplies official mitigation guidance and patch information. The associated EPSS score has remained flat at a low value of 0.0141 with no material increase observed since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20630
Vulnerability details
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
- CWE(s): CWE-502 (Deserialization of Untrusted Data)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Malicious File (T1204.002)
- Exploitation for Privilege Escalation (T1068)
Why these techniques?
The deserialization vulnerability in Office enables arbitrary code execution and privilege escalation when a user opens a malicious file (T1204.002), and direct exploitation of the flaw provides local privilege escalation (T1068).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely remediation of flaws, including applying vendor patches for the deserialization vulnerability in Microsoft Office, to prevent exploitation.
- CM-6 (Configuration Settings): establishes secure configuration settings for Microsoft Office, such as enabling Protected View to sandbox untrusted documents and mitigate deserialization attacks.
- Malicious code protection: deploys mechanisms such as antivirus and EDR to scan, block, or detect Office files exploiting the deserialization vulnerability.