CVE-2025-47994: Microsoft Office Elevation of Privilege Vulnerability

Overview

Severity: High (CVSS 7.8)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category: Elevation of Privilege
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2025-Jul
Released: 2025-07-08
EPSS Score: 0.81% (percentile: 74.2%)

Description

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

FAQ

What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker can successfully exploit this vulnerability by escaping the Protected View sandbox and running code at Standard User privileges. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send a user a malicious Office file and convince them to open it. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. According to the CVSS metric, the attack vector is local (AV:L). How could an attacker exploit this elevation of privilege vulnerability? This attack involves a compromised Protected View Sandbox sending crafted messages to its trusted user process. This causes the user process to execute arbitrary code originating from the sandbox at higher privileges.

Affected Products (10)

Microsoft Office

Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)

Security Updates (1)

5002742

Acknowledgments

Ben Faull with Microsoft

Revision History

2025-07-08: Information published.