CVE-2025-24078: CVE-2025-24078 is a high severity vulnerability in Microsoft Word that allows an unauthorized attacker to execute code locally due to a use-after-free error.

Description Preview

CVE-2025-24078 is a high-severity vulnerability that has been identified in several versions of Microsoft Office, including Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2024, and Microsoft Word 2016. This vulnerability is caused by a use-after-free error in Microsoft Word, which could allow an unauthorized attacker to execute arbitrary code on a victim's system. The vulnerability has a CVSS base score of 7, indicating a high level of severity.

Overview

The vulnerability is caused by a use-after-free error in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on the victim's system. The affected versions include Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC for Mac 2021, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, Microsoft Office LTSC for Mac 2024, and Microsoft Word 2016. The vulnerability has been assigned the identifier CVE-2025-24078.

Remediation

Users are advised to update their Microsoft Office products to the latest versions as provided by Microsoft. The specific versions that are not affected by this vulnerability can be found at the following URL: https://aka.ms/OfficeSecurityReleases. It is also recommended to always be cautious when opening documents from unknown sources, as they could potentially exploit this vulnerability.

References

For more information about this vulnerability, you can refer to the official Microsoft advisory at the following URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24078.

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Public Administration
  3. Health Care & Social Assistance
  4. Finance and Insurance
  5. Transportation & Warehousing
  6. Educational Services
  7. Retail Trade
  8. Utilities
  9. Other Services (except Public Administration)
  10. Professional, Scientific, & Technical Services
  11. Arts, Entertainment & Recreation
  12. Management of Companies & Enterprises
  13. Information
  14. Accommodation & Food Services
  15. Agriculture, Forestry, Fishing & Hunting
  16. Mining
  17. Construction
  18. Real Estate Rental & Leasing
  19. Wholesale Trade
  20. Administrative, Support, Waste Management & Remediation Services

Armis Vulnerability Intelligence Database