Microsoft has issued critical security updates to fix three serious vulnerabilities in Microsoft Office that could allow remote code execution. The flaws, CVE-2025-53731, CVE-2025-53740, and CVE-2025-53730, stem from use-after-free memory corruption issues and affect multiple Office versions, including Office 2016, 2019, LTSC 2021 and 2024, Microsoft 365 Apps, and Office for Mac.
Two of the vulnerabilities are rated Critical with CVSS scores of 8.4, and one is rated Important at 7.8. Notably, CVE-2025-53731 and CVE-2025-53740 can be triggered via the Preview Pane, meaning users could be compromised just by previewing a malicious document.
Microsoft confirmed that none of the flaws have been exploited in the wild. Updates are available via KB5002756 for Office 2016 and via Click-to-Run for newer versions. Organizations are urged to apply patches immediately and strengthen their vulnerability management strategies to prevent potential attacks.