Cyber Resilience

CVE-2025-53740

Severity: High
Published: 12 August 2025
Modified: 15 August 2025
KEV Added: not listed
Patch: see the MSRC advisory under References
CVSS v3.1 Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0141 (80.9th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-53740 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Office, affecting Microsoft 365 Apps, Office 2016 and 2019, and Office Long Term Servicing Channel 2021 and 2024. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 19.1% of CVEs by EPSS exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation), which closes the flaw by applying the vendor update, RA-5 (Vulnerability Monitoring and Scanning) to find hosts still running an affected build, and SI-16 (Memory Protection) as defence in depth.

Deeper analysis

CVE-2025-53740 is a use-after-free vulnerability, tracked as CWE-416, that affects Microsoft Office. Its CVSS 3.1 base score of 8.4 reflects a local attack vector, low attack complexity, no required privileges, no user interaction, and high impact on confidentiality, integrity, and availability.

The Local attack vector should be read the way Microsoft scores document-parsing flaws: the vulnerable code runs on the victim's machine when Office processes attacker-supplied content, not that the attacker already holds an interactive session on the host. A successful exploit executes arbitrary code in the context of the Office process and the signed-in user, from which the host can be fully compromised. Because no elevated privileges are needed to reach the vulnerable code and the vector records no user interaction, the practical risk is client-side code execution triggered by attacker-supplied Office content rather than a local-only privilege issue.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53740 addresses the issue and supplies patch information. The EPSS score has remained flat at 0.0141 with no material rise since disclosure.

Vulnerability details

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CWE(s)

CWE-416 Use After Free

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

A use-after-free in Microsoft Office is reached by feeding the application malicious content, which is the definition of T1203 Exploitation for Client Execution: the CVSS vector records a local attack vector with no privileges and no user interaction required, and a successful exploit runs attacker-controlled code inside the Office process.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24080 (same product: Microsoft 365 Apps)
CVE-2026-20952 (same product: Microsoft 365 Apps)
CVE-2025-53731 (same product: Microsoft 365 Apps)
CVE-2026-40358 (same product: Microsoft 365 Apps)
CVE-2025-21392 (same product: Microsoft 365 Apps)
CVE-2026-40366 (same product: Microsoft 365 Apps)
CVE-2025-21345 (same product: Microsoft 365 Apps)
CVE-2025-62557 (same product: Microsoft 365 Apps)
CVE-2026-40361 (same product: Microsoft 365 Apps)
CVE-2025-49695 (same product: Microsoft 365 Apps)

Affected Assets

Microsoft 365 Apps: all versions
Microsoft Office: 2016, 2019
Microsoft Office Long Term Servicing Channel: 2021, 2024
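The affected-asset list above is only useful once you can tell which of those SKUs and builds a given host actually runs. The script below is an added example, not code from the advisory or from Microsoft: it reads the Click-to-Run configuration that Microsoft 365 Apps, Office 2019 and Office LTSC write to the registry, falls back to the MSI InstallRoot for Office 2016, and compares the reported build with a per-channel minimum patched build. The channel GUIDs for Current, Monthly Enterprise and Semi-Annual Enterprise Channel are the ones Microsoft publishes in its update-channel documentation; the build numbers in $FixedBuildByChannel are placeholders (an assumption) and must be replaced with the fixed builds listed in the MSRC advisory for CVE-2025-53740.

```powershell
# Added example (not from the advisory or from Microsoft): inventory the Office
# install on this host and flag Click-to-Run builds older than the fixed build
# for their update channel. Fixed builds differ per channel and are NOT
# hard-coded here; copy them from the MSRC advisory into $FixedBuildByChannel.
# The '16.0.0.0' values below are placeholders (assumption), not real patched builds.

# Channel GUIDs as they appear at the end of the UpdateChannel CDN URL.
$ChannelNames = @{
    '492350f6-3a01-4f97-b9c0-c7c6ddf67d60' = 'Current Channel'
    '55336b82-a18d-4dd6-b5f6-9e5095c314a6' = 'Monthly Enterprise Channel'
    '7ffbc6bf-bc32-4f92-8982-f9dd17fd3114' = 'Semi-Annual Enterprise Channel'
}

# Minimum patched build per channel GUID. Placeholder values: replace from MSRC.
$FixedBuildByChannel = @{
    '492350f6-3a01-4f97-b9c0-c7c6ddf67d60' = '16.0.0.0'
    '55336b82-a18d-4dd6-b5f6-9e5095c314a6' = '16.0.0.0'
    '7ffbc6bf-bc32-4f92-8982-f9dd17fd3114' = '16.0.0.0'
}

function Get-OfficeInstall {
    $c2r = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    if (Test-Path $c2r) {
        $cfg  = Get-ItemProperty -Path $c2r
        # UpdateChannel is a CDN URL; its trailing segment is the channel GUID.
        $guid = if ($cfg.UpdateChannel) {
            ([string]$cfg.UpdateChannel).TrimEnd('/').Split('/')[-1].ToLower()
        } else { '' }
        return [pscustomobject]@{
            InstallType = 'ClickToRun'
            Products    = $cfg.ProductReleaseIds   # e.g. O365ProPlusRetail, ProPlus2024Volume
            Platform    = $cfg.Platform
            ChannelGuid = $guid
            Channel     = if ($ChannelNames.ContainsKey($guid)) { $ChannelNames[$guid] } else { 'unknown' }
            Build       = [version]$cfg.VersionToReport
        }
    }
    # MSI-based Office 2016 has no single build number: report winword.exe's
    # file version and check the per-KB file versions in the advisory instead.
    # 32-bit Office on 64-bit Windows lives under WOW6432Node.
    foreach ($root in @('HKLM:\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot',
                        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Common\InstallRoot')) {
        if (Test-Path $root) {
            $exe = Join-Path (Get-ItemProperty -Path $root).Path 'WINWORD.EXE'
            $ver = if (Test-Path $exe) { (Get-Item $exe).VersionInfo.FileVersion } else { 'n/a' }
            return [pscustomobject]@{
                InstallType = 'MSI'
                Products    = 'Office 2016 (MSI)'
                Platform    = 'n/a'
                ChannelGuid = ''
                Channel     = 'n/a'
                Build       = $ver
            }
        }
    }
    return $null
}

function Test-OfficeVulnerable {
    param([Parameter(Mandatory)]$Install)
    if ($Install.InstallType -ne 'ClickToRun') {
        return 'manual: MSI install, compare per-KB file versions from the advisory'
    }
    if (-not $FixedBuildByChannel.ContainsKey($Install.ChannelGuid)) {
        return 'unknown channel: look up the fixed build for this channel in the advisory'
    }
    $fixed = [version]$FixedBuildByChannel[$Install.ChannelGuid]
    if ($Install.Build -lt $fixed) { return "VULNERABLE (build $($Install.Build) < $fixed)" }
    return "patched (build $($Install.Build) >= $fixed)"
}

$install = Get-OfficeInstall
if ($null -eq $install) {
    Write-Output "$env:COMPUTERNAME: no Office 16.x install found"
} else {
    $status = Test-OfficeVulnerable -Install $install
    Write-Output ("{0}: {1} {2} [{3}] build {4} -> {5}" -f $env:COMPUTERNAME,
        $install.InstallType, $install.Products, $install.Channel, $install.Build, $status)
}
```

Run it under an elevated session, or push it through your endpoint management tool, and collect the one-line output per host. A Click-to-Run install whose channel GUID is not in the table (for example an LTSC perpetual channel) is reported as unknown rather than silently marked patched; add that channel's GUID and fixed build from the advisory before trusting the result.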

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-2 (Flaw Remediation) requires timely application of the vendor fix. Installing the Office update referenced in the MSRC advisory removes the use-after-free and is the only control here that actually closes the flaw.

Prevent: SI-16 (Memory Protection) calls for platform mitigations such as DEP and ASLR. These raise the cost of turning a use-after-free into code execution but do not reliably block it, since use-after-free exploits are routinely chained with an information leak that defeats ASLR; treat SI-16 as defence in depth, not as a substitute for the patch.

Detect: RA-5 (Vulnerability Monitoring and Scanning) requires scanning to identify hosts still running an Office build affected by CVE-2025-53740 so they can be queued for remediation.
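SI-16 is only as good as the mitigation state actually in force for the Office binaries, and a per-image setting of NOTSET silently inherits the system default. The script below is an added example, not code from the advisory or from Microsoft: it uses the Windows Defender Exploit Guard cmdlet Get-ProcessMitigation to resolve DEP, ASLR, CFG and SEHOP for a set of Office executables against the system policy. The list of image names is an assumption (the advisory names no binaries); the property names are those exposed by the cmdlet.

```powershell
# Added example (not from the advisory or from Microsoft): report the exploit
# mitigation state SI-16 relies on (DEP, ASLR, CFG, SEHOP) for Office executables.
# Get-ProcessMitigation -Name returns the configured per-image policy; NOTSET
# means the system default applies, so the system policy is resolved alongside.
# Which images to check is an assumption; the advisory names no binaries.

$OfficeImages = @('winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe')

function Get-EffectiveValue {
    # Resolve a per-image setting against the system default.
    param($ImageValue, $SystemValue)
    if ("$ImageValue" -eq 'NOTSET' -or "$ImageValue" -eq '') {
        return "$SystemValue (system default)"
    }
    return "$ImageValue"
}

function Get-OfficeMitigationReport {
    $sys = Get-ProcessMitigation -System
    foreach ($image in $OfficeImages) {
        try {
            # Configured policy for this image name (registry / exploit protection settings).
            $m = Get-ProcessMitigation -Name $image -ErrorAction Stop
        } catch {
            # No per-image entry: everything inherits the system policy.
            $m = $null
        }
        [pscustomobject]@{
            Image            = $image
            DEP              = Get-EffectiveValue $m.Dep.Enable               $sys.Dep.Enable
            ASLR_ForceReloc  = Get-EffectiveValue $m.Aslr.ForceRelocateImages $sys.Aslr.ForceRelocateImages
            ASLR_BottomUp    = Get-EffectiveValue $m.Aslr.BottomUp            $sys.Aslr.BottomUp
            ASLR_HighEntropy = Get-EffectiveValue $m.Aslr.HighEntropy         $sys.Aslr.HighEntropy
            CFG              = Get-EffectiveValue $m.Cfg.Enable               $sys.Cfg.Enable
            SEHOP            = Get-EffectiveValue $m.SEHOP.Enable             $sys.SEHOP.Enable
        }
    }
}

Get-OfficeMitigationReport | Format-Table -AutoSize
```

Any OFF in the DEP, CFG or ASLR columns for an Office image is a finding in its own right, independent of this CVE. To inspect a live instance rather than the configured policy, pass the cmdlet's -RunningProcesses switch or a process ID via -Id. Even with every column ON, the host remains exploitable until the SI-2 update is installed; this report tells you how much a working exploit would have to defeat, not whether the flaw is present.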

References

Microsoft Security Response Center, CVE-2025-53740: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53740