CVE-2025-27747

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27747
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27747 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*
History

09 Jul 2025, 13:59

Type Values Removed Values Added
First Time Microsoft
Microsoft word
Microsoft sharepoint Enterprise Server
Microsoft sharepoint Server
Microsoft 365 Apps
Microsoft office
Microsoft office Long Term Servicing Channel
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27747 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27747 - Vendor Advisory
CPE cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:*:*
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*

09 Apr 2025, 20:03

Type Values Removed Values Added
Summary
  • (es) Use after free en Microsoft Office Word permite que un atacante no autorizado ejecute código localmente.

08 Apr 2025, 18:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-08 18:16

Updated : 2025-07-09 13:59

NVD link : CVE-2025-27747

Mitre link : CVE-2025-27747

CVE.ORG link : CVE-2025-27747

JSON object : View

Products Affected

microsoft

  • word
  • 365_apps
  • sharepoint_enterprise_server
  • office
  • office_long_term_servicing_channel
  • sharepoint_server
CWE
CWE-822

Untrusted Pointer Dereference