CVE-2025-53733
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-18
Assigner: Microsoft Corporation
Description
Description
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | 365_apps | * |
| microsoft | 365_apps | * |
| microsoft | office | 2019 |
| microsoft | office | 2019 |
| microsoft | office_long_term_servicing_channel | 2021 |
| microsoft | office_long_term_servicing_channel | 2021 |
| microsoft | office_long_term_servicing_channel | 2021 |
| microsoft | office_long_term_servicing_channel | 2024 |
| microsoft | office_long_term_servicing_channel | 2024 |
| microsoft | office_long_term_servicing_channel | 2024 |
| microsoft | sharepoint_enterprise_server | 2016 |
| microsoft | sharepoint_server | 2019 |
| microsoft | word | 2016 |
| microsoft | word | 2016 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-681 | When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by an incorrect conversion between numeric types in Microsoft Office Word, which allows an unauthorized attacker to execute code locally on the affected system.
How can this vulnerability impact me? :
An attacker could exploit this vulnerability to execute arbitrary code on your local machine without your permission, potentially leading to full compromise of your system's confidentiality, integrity, and availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70