CVE-2025-47175

HIGH

Microsoft 365 Apps and Office - Use-After-Free in PowerPoint

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-47175. PoCs published by Mohammed Idrees Banyamer, mbanyamer.

AI-analyzed exploit summary: This Python script generates a malicious PPTX file exploiting a Use-After-Free (UAF) vulnerability in Microsoft PowerPoint 2019. The crafted file triggers the vulnerability when opened, potentially leading to remote code execution.

Description

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Exploits (2)

exploitdb WORKING POC
by Mohammed Idrees Banyamer · python · remote · windows
https://www.exploit-db.com/exploits/52351

This Python script generates a malicious PPTX file exploiting a Use-After-Free (UAF) vulnerability in Microsoft PowerPoint 2019. The crafted file triggers the vulnerability when opened, potentially leading to remote code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Microsoft PowerPoint 2019 / Office 365 (versions before June 2025 Patch)
No auth needed
Prerequisites: Vulnerable version of Microsoft PowerPoint · User interaction to open the malicious PPTX file
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 8 stars
by mbanyamer · poc
https://github.com/mbanyamer/mbanyamer-Microsoft-PowerPoint-Use-After-Free-Remote-Code-Execution-RCE

This repository contains a functional PoC exploit for CVE-2025-47175, a Use-After-Free vulnerability in Microsoft PowerPoint. The script generates a malicious PPTX file designed to trigger the UAF condition, potentially leading to remote code execution when opened in vulnerable versions of PowerPoint.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Microsoft PowerPoint 2019 / Office 365 (versions before June 2025 Patch)
No auth needed
Prerequisites: Victim must open the crafted PPTX file in a vulnerable version of PowerPoint
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 7.8
EPSS 0.0205
EPSS Percentile 78.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-416
Status published
Products (5)
microsoft/365_apps
microsoft/office 2019
microsoft/office_long_term_servicing_channel 2021 (2 CPE variants)
microsoft/office_long_term_servicing_channel 2024 (2 CPE variants)
microsoft/powerpoint 2016
Published Jun 10, 2025
Tracked Since Feb 18, 2026