CVE-2025-53740
Published: 12 August 2025
Summary
CVE-2025-53740 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Office Long Term Servicing Channel. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 19.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-53740 is a use-after-free vulnerability, tracked as CWE-416, that affects Microsoft Office. It received a CVSS 3.1 base score of 8.4 reflecting local attack vector, low attack complexity, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
An unauthorized attacker with local access can exploit the flaw to execute arbitrary code on the target system. The attack requires no user interaction or elevated privileges, enabling direct local code execution that can fully compromise the affected host.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53740 addresses the issue and supplies patch information. The EPSS score has remained flat at 0.0141 with no material rise since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24291
Vulnerability details
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free in Microsoft Office directly enables client-side arbitrary code execution (T1203 Exploitation for Client Execution) with local access and no user interaction required.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-2 mandates timely patching of known flaws like the use-after-free vulnerability in Microsoft Office to prevent local code execution.
SI-16 enforces memory protections such as ASLR and DEP to block arbitrary code execution resulting from use-after-free errors in Microsoft Office.
RA-5 requires vulnerability scanning to identify systems affected by CVE-2025-53740 in Microsoft Office for subsequent remediation.