CVE-2025-47171

MEDIUM

Microsoft Office - Improper Input Validation

Title source: rule

Description

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

Exploits (1)

exploitdb WORKING POC
by nu11secur1ty · textremotewindows
https://www.exploit-db.com/exploits/52356

References (1)

Scores

CVSS v3 6.7
EPSS 0.0320
EPSS Percentile 87.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (5)
microsoft/365_apps
microsoft/office 2019
microsoft/office_long_term_servicing_channel 2021
microsoft/office_long_term_servicing_channel 2024
microsoft/outlook 2016
Published Jun 10, 2025
Tracked Since Feb 18, 2026