CVE-2025-53731
Published: 12 August 2025
Summary
CVE-2025-53731 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Office Long Term Servicing Channel. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 19.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-53731 is a use-after-free vulnerability (CWE-416) in Microsoft Office that carries a CVSS 3.1 score of 8.4. The flaw permits an attacker to execute arbitrary code on an affected system when the vulnerable component processes specially crafted content.
An unauthorized attacker can exploit the issue locally without user interaction or elevated privileges. Successful exploitation grants full control over confidentiality, integrity, and availability on the target host, consistent with the high-impact metrics in the vector string AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53731 provides official guidance on available patches and mitigation steps for supported Office versions.
The associated EPSS score remains low at 0.0141 with no material increase since publication, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24300
Vulnerability details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free in Microsoft Office directly enables arbitrary local code execution without privileges or user interaction, mapping to Exploitation for Client Execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely patching and remediation of the use-after-free vulnerability in Microsoft Office to eliminate the flaw.
Implements memory protection mechanisms such as ASLR and DEP that specifically mitigate use-after-free exploitation attempts.
Deploys malicious code protection at entry points to block or detect malicious Office documents exploiting the use-after-free vulnerability.