TT-CSIRT – 447.14.08.25 – Microsoft Office Vulnerabilities
Be advised that Microsoft has released critical security updates addressing three serious vulnerabilities in Microsoft Office that could allow attackers to execute remote code on affected systems.
The vulnerabilities, tracked as CVE-2025-53731, CVE-2025-53740, and CVE-2025-53730, affect Microsoft Office versions 2016 – 2024, including Microsoft Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Microsoft 365 Apps for Enterprise, on both 32-bit and 64-bit architectures, posing significant security risks to organizations and individual users worldwide. Mac users are also at risk: Microsoft Office LTSC for Mac 2021 and 2024 are affected and require immediate updates.
These vulnerabilities share a common pattern: an unauthorized attacker can exploit memory management flaws to execute arbitrary code locally on the target system. The vulnerabilities are rated as low attack complexity, requiring no privileges and no user interaction for exploitation.
Particularly alarming is that the Preview Pane is an attack vector for CVE-2025-53731 and CVE-2025-53740, meaning users could be compromised simply by previewing a malicious Office document.
| CVE | Title | CVSS 3.1 Score | Severity |
| --- | --- | --- | --- |
| CVE-2025-53731 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-53740 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-53730 | Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 | Important |
Mitigations
Microsoft has released security updates for all affected Office versions; update KB5002756 addresses the vulnerabilities in Office 2016 editions.
For newer Office versions, updates are delivered through the Click-to-Run mechanism, with detailed information available through Microsoft’s official security release channels.
Organizations should prioritize immediate deployment of these updates, given the critical nature of the vulnerabilities and the possibility of exploitation through the Preview Pane.
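The following PowerShell script is an added example (not part of the TT-CSIRT advisory or a Microsoft tool) that a Windows administrator can run on an Office host to check for evidence of the updates described above: it reads the Click-to-Run build from the standard Office configuration registry key and looks for the KB5002756 MSI patch entry in the Uninstall registry. Assumptions: an elevated PowerShell session on the Office host; the minimum Click-to-Run build is a placeholder, because the advisory does not list fixed build numbers, and must be taken from Microsoft's release notes before the result is relied upon.

```powershell
# Added example, not from the advisory. Checks an Office host for the August 2025 updates.
# ASSUMPTION: $MinC2RBuild is a PLACEHOLDER; set it from Microsoft's release notes.
param(
    [string]$Office2016Kb = 'KB5002756',          # KB named in the advisory (Office 2016 MSI)
    [version]$MinC2RBuild = [version]'0.0.0.0'    # PLACEHOLDER, fill in the fixed C2R build
)

function Get-OfficeClickToRunVersion {
    # Click-to-Run installs record their current build in VersionToReport.
    $cfg = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    if (-not (Test-Path $cfg)) { return $null }
    $v = (Get-ItemProperty -Path $cfg -Name VersionToReport -ErrorAction SilentlyContinue).VersionToReport
    if ($v) { return [version]$v }
    return $null
}

function Test-OfficeMsiPatchInstalled {
    param([string]$Kb)
    # MSI-based Office patches register an Uninstall entry whose DisplayName carries the KB number.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $hit = Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
               Get-ItemProperty -ErrorAction SilentlyContinue |
               Where-Object { $_.DisplayName -like "*$Kb*" }
        if ($hit) { return $true }
    }
    return $false
}

$c2r = Get-OfficeClickToRunVersion
if ($null -eq $c2r) {
    'No Click-to-Run Office installation found.'
} elseif ($MinC2RBuild -eq [version]'0.0.0.0') {
    "Click-to-Run Office build $c2r found; set -MinC2RBuild from Microsoft's release notes to compare."
} elseif ($c2r -ge $MinC2RBuild) {
    "Click-to-Run Office build $c2r is at or above the minimum build $MinC2RBuild."
} else {
    "Click-to-Run Office build $c2r is BELOW the minimum build $MinC2RBuild - update required."
}

if (Test-OfficeMsiPatchInstalled -Kb $Office2016Kb) {
    "Office 2016 MSI patch $Office2016Kb is registered on this host."
} else {
    "Office 2016 MSI patch $Office2016Kb not found (expected only if Office 2016 MSI is installed)."
}
```

The script only reports; it does not install anything, so deployment still goes through your normal patch management channel.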
References:
https://cybersecuritynews.com/microsoft-office-rce-vulnerabilities/
If you have any queries, comments or require assistance, please feel free to contact TT-CSIRT via contacts@ttcsirt.gov.tt