Aug 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-53733 Published on August 12, 2025
Microsoft Word Remote Code Execution Vulnerability
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Weakness Type
Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
Products Associated with CVE-2025-53733
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-53733 are published in these products:
Affected Versions
Microsoft 365 Apps for Enterprise:- Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 19.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.1 and below 16.100.25081015 is affected.
- Version 16.0.0 and below 16.100.25081015 is affected.
- Version 16.0.0 and below 16.0.5513.1002 is affected.
- Version 16.0.0 and below 16.0.10417.20041 is affected.
- Version 16.0.1 and below 16.0.5513.1000 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.