CVE-2025-47176Path Traversal: '.../...//' in Microsoft 365 Apps FOR Enterprise

CWE-35Path Traversal: '.../...//'CWE-22Path TraversalCWE-77Command InjectionCWE-476NULL Pointer Dereference7 documents7 sources
Severity
7.8HIGHNVD
EPSS
1.2%
top 20.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft 365 Apps FOR EnterpriseMicrosoft Office Ltsc 2024Microsoft Office Long Term Servicing Channel
Timeline
PublishedJun 10
Latest updateSep 11

Description

'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5microsoft/microsoft_office_ltsc_202416.0.0https://aka.ms/OfficeSecurityReleases
CVEListV5microsoft/microsoft_365_apps_for_enterprise16.0.1https://aka.ms/OfficeSecurityReleases

🔴Vulnerability Details

3
GHSA
GHSA-7v3j-qcv2-4wc4: '2025-06-10
CVEList
Microsoft Outlook Remote Code Execution Vulnerability2025-06-10
VulnCheck
Microsoft Office Path Traversal: '.../...//'2025

💥Exploits & PoCs

1
Exploit-DB
Microsoft Outlook - Remote Code Execution (RCE)2025-07-08

📋Vendor Advisories

2
Red Hat
cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS2025-09-11
Microsoft
Microsoft Outlook Remote Code Execution Vulnerability2025-06-10
CVE-2025-47176 — Path Traversal: '.../...//' | cvebase