Improper Restriction of Names for Files and Other Resources

CVE-2025-47953

High

8.4/10

Summary

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-641 - Improper Restriction of Names for Files and Other Resources

The application constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.

References

Advisory Timeline

Published Jun 10, 2025

Improper Restriction of Names for Files and Other Resources

CVE-2025-47953

Summary

CWE-641 - Improper Restriction of Names for Files and Other Resources

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS