CVE-2025-53733
Published: 12 August 2025
Summary
CVE-2025-53733 is a high-severity Incorrect Conversion between Numeric Types (CWE-681) vulnerability in Microsoft Office Long Term Servicing Channel. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 18.9% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-53733 is an incorrect numeric type conversion vulnerability, tracked under CWE-681, that affects Microsoft Office Word. The flaw carries a CVSS 3.1 base score of 8.4 and permits an attacker to execute arbitrary code on an affected system when a specially crafted document is processed.
An unauthenticated attacker with no privileges and no further user interaction can exploit the issue to achieve full code execution, resulting in complete compromise of confidentiality, integrity and availability on the target host (consistent with a CVSS 3.1 vector of AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which scores 8.4). The local attack vector means the crafted document must reach and be processed on the target rather than be triggered over the network; note that CVSS 3.1 scores a malicious file that a user is lured into opening as a local attack, so the rating does not rule out delivery by email or download.
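The general shape of a CWE-681 bug in a document parser, as an added C example that is not Word's code and does not reflect the actual flaw behind this CVE: a record declares a 32-bit payload length, the vulnerable path validates a 16-bit copy of that length and then uses the original 32-bit value, so a length of 0x10008 truncates to 8, passes the bounds check, and the subsequent copy would overrun a 64-byte buffer. The record layout, TEXT_CAP and all function names are assumptions of this example, and the sample records are constructed inline.

```c
/* Added CWE-681 illustration (not Microsoft's code). A hypothetical record
 * format: bytes 0-3 are a little-endian uint32 payload length, bytes 4.. are
 * the payload. The vulnerable check narrows the length before comparing it. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TEXT_CAP 64   /* fixed output buffer size; an assumption of this example */

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable: the bounds check runs on a uint16_t copy of the declared length
 * (silent truncation, CWE-681) while the returned value, which a caller would
 * pass to memcpy, is the untruncated uint32. 0x10008 -> 8 passes the check.
 * Returns the byte count a caller would copy, or -1 if the faulty check rejects. */
static int64_t vuln_text_length(const uint8_t *rec, size_t rec_len) {
    if (rec_len < 4) return -1;
    uint32_t declared = read_le32(rec);
    uint16_t checked = (uint16_t)declared;   /* high bits discarded here */
    if (checked > TEXT_CAP) return -1;       /* passes for 65544 (checked == 8) */
    return (int64_t)declared;                /* but the full value is what gets used */
}

/* Hardened: compare the length in its original width, against both the
 * destination capacity and the bytes actually present in the record. */
static int64_t safe_text_length(const uint8_t *rec, size_t rec_len) {
    if (rec_len < 4) return -1;
    uint32_t declared = read_le32(rec);
    if (declared > TEXT_CAP) return -1;      /* destination bound */
    if (declared > rec_len - 4) return -1;   /* source bound: payload must exist */
    return (int64_t)declared;
}

/* Copy routine built on the hardened check; returns bytes copied or -1. */
static int copy_text(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    int64_t n = safe_text_length(rec, rec_len);
    if (n < 0 || (size_t)n > out_cap) return -1;
    memcpy(out, rec + 4, (size_t)n);
    return (int)n;
}

int main(void) {
    /* Constructed malicious record: declared length 0x00010008 (65544), 8 payload bytes. */
    uint8_t bad[12]  = {0x08, 0x00, 0x01, 0x00, 'A','B','C','D','E','F','G','H'};
    /* Constructed benign record: declared length 5, payload "hello". */
    uint8_t good[9]  = {0x05, 0x00, 0x00, 0x00, 'h','e','l','l','o'};
    uint8_t out[TEXT_CAP];

    printf("vulnerable check, bad record: would copy %lld bytes into a %d-byte buffer\n",
           (long long)vuln_text_length(bad, sizeof bad), TEXT_CAP);
    printf("hardened check, bad record:   %lld (rejected)\n",
           (long long)safe_text_length(bad, sizeof bad));
    printf("hardened copy, good record:   %d bytes\n",
           copy_text(good, sizeof good, out, sizeof out));
    return 0;
}
```

The vulnerable function deliberately stops at the decision point and returns the length it would hand to memcpy, so the program runs without actually corrupting memory; the point is that the check and the use operate on two different numeric types. The hardened version also rejects a record whose declared length exceeds the bytes present, which the width fix alone would not catch.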
Microsoft has published an advisory detailing the vulnerability and available updates at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53733. The associated EPSS score remains low and unchanged at 0.0143, indicating no significant increase in observed exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24298
Vulnerability details
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CWE(s): CWE-681 Incorrect Conversion between Numeric Types
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The incorrect numeric type conversion in Word's document parsing (CWE-681, distinct from type confusion in the CWE-843 sense) lets a crafted document trigger arbitrary code execution locally, which is client application exploitation (T1203).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): applying the vendor update referenced in the MSRC advisory corrects the numeric type conversion error in Word and is the only control here that removes the vulnerability rather than limiting its impact.
SI-16 (Memory Protection): DEP, ASLR and related platform mitigations raise the cost of turning the resulting memory corruption into arbitrary code execution; they are defence in depth and do not fix the parsing flaw.
CM-6 (Configuration Settings): hardening Word's configuration, including Protected View, limits what a crafted document can do when it is parsed. Protected View applies to files Office treats as untrusted, chiefly those carrying the Mark of the Web (email attachments and downloads); documents in trusted locations, or any document once the user clicks Enable Editing, are opened without it.