Multiple Microsoft Office Vulnerabilities Enable Remote Code Execution by Attackers

Microsoft has disclosed four critical remote code execution (RCE) vulnerabilities in its Office suite as part of the June 2025 Patch Tuesday updates, posing significant risks to organizations and individuals who depend on the widely used productivity software.

The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-47164, and CVE-2025-47167, each received a CVSS v3.1 base score of 8.4 and a temporal score of 7.3, highlighting their potential for broad exploitation.

While none of these vulnerabilities have been actively exploited or publicly disclosed as of this update, Microsoft’s assessment indicates that exploitation is more likely for three of the four flaws, emphasizing the urgency for prompt patching.

These vulnerabilities arise from memory corruption and input validation failures, allowing attackers to take control of affected systems through malicious documents or local access.

The most severe of these, CVE-2025-47162, is a heap-based buffer overflow (CWE-122) in ...