CVE-2025-47171

MEDIUM

Microsoft Office Outlook - Authenticated Local Code Execution via Improper Input Validation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-47171. PoCs published by nu11secur1ty.

AI-analyzed exploit summary: This PoC demonstrates CVE-2025-47176 by injecting a crafted mail item into Microsoft Outlook with a malicious sync path, triggering a system restart upon detection. It requires Outlook to be installed and uses Python with the pywin32 package to interact with Outlook's COM interface.

Description

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

Exploits (1)

exploitdb WORKING POC
by nu11secur1ty · text · remote · windows
https://www.exploit-db.com/exploits/52356

Classification
Working PoC (90%)
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Outlook (version not specified)
Auth required
Prerequisites: Outlook installed and configured · Python 3.x with pywin32 package · Access to Outlook's COM interface
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.7
EPSS 0.0252
EPSS Percentile 85.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-20
Status published
Products (5)
microsoft/365_apps
microsoft/office 2019
microsoft/office_long_term_servicing_channel 2021
microsoft/office_long_term_servicing_channel 2024
microsoft/outlook 2016
Published Jun 10, 2025
Tracked Since Feb 18, 2026