Published: June 11, 2025
Threat Level: High
Affected Product: Microsoft Outlook (Microsoft 365 Apps for Enterprise, Office LTSC 2024)
CVSS Score: 7.8 (High)
A newly disclosed vulnerability in Microsoft Outlook (CVE-2025-47176) is drawing attention from defenders worldwide. The flaw affects Microsoft 365 Apps for Enterprise and Office LTSC 2024. It allows an authenticated local attacker to execute arbitrary code on a system, without requiring user interaction.
The vulnerability stems from improper validation of path traversal sequences (.../...//) within Outlook. While Microsoft classifies this as a local attack vector, the potential for lateral movement or privilege escalation makes this a serious concern for enterprise environments.
Key Technical Details:
- Type: Remote Code Execution (RCE) – triggered locally
- Path Traversal Component: CWE-22
- No admin privileges required
- Preview Pane is not an attack vector
- Attack does not require user interaction
Although exploitation in the wild has not yet been reported, patches have been issued and organizations are strongly advised to act preemptively.
Who’s at Risk:
- Enterprises using Microsoft 365 Apps for Enterprise (32-bit & 64-bit)
- Systems running Office LTSC 2024
- Environments where Outlook is installed on shared or multi-user workstations
OP Innovate Recommendations:
Patch Immediately
Microsoft has released security updates as of June 10, 2025. Organizations should install the latest version via Office Security Releases.
Audit Local Access
Review logs for suspicious local activity, especially by low-privileged users accessing Outlook processes or files.
Threat Hunt for Path Traversal Patterns
Infostealers and lateral movement tools often exploit similar directory traversal logic. Look for abnormal filesystem access attempts.
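The following Python is an added example (not part of this advisory or any Microsoft code) supporting the threat hunt above: it shows why the .../...// form named in the technical details matters, since a single-pass removal of "../" turns it back into "../", and it flags file-access events whose path leaves an expected root only after normalisation rather than by a literal "../" match. The log format, the root directory and the log lines are constructed for the example.

```python
import posixpath
import re

# Constructed: the directory Outlook-related file access is expected to stay inside.
ROOT = "/srv/outlook/attachments"

# Constructed log format: "<timestamp> user=<name> proc=<image> open=<path>"
LOG_RE = re.compile(r"^(\S+) user=(?P<user>\S+) proc=(?P<proc>\S+) open=(?P<path>\S+)$")


def naive_strip(path: str) -> str:
    """The kind of single-pass filter CWE-22 warns about: drop every '../' once."""
    return path.replace("../", "")


def escapes_root(path: str, root: str = ROOT) -> bool:
    """True if `path`, joined to `root` and normalised, resolves outside `root`."""
    full = posixpath.normpath(posixpath.join(root, path))
    return full != root and not full.startswith(root + "/")


def classify(path: str):
    """Return 'traversal' if the raw path leaves the root, 'filter-bypass' if it
    only does so after a naive '../' strip (the .../...// case), else None."""
    if escapes_root(path):
        return "traversal"
    if escapes_root(naive_strip(path)):
        return "filter-bypass"
    return None


def hunt(lines):
    """Return (user, path, verdict) for every parseable log line worth a look."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or unrelated line: skip, do not crash the hunt
        verdict = classify(m.group("path"))
        if verdict:
            hits.append((m.group("user"), m.group("path"), verdict))
    return hits


# Constructed sample events: one benign open, one plain traversal, one .../...// form.
SAMPLE_LOG = [
    "2025-06-11T09:14:02 user=jdoe proc=OUTLOOK.EXE open=attachments/report.pdf",
    "2025-06-11T09:14:05 user=jdoe proc=OUTLOOK.EXE open=../../Users/Public/notes.txt",
    "2025-06-11T09:14:09 user=svc-low proc=OUTLOOK.EXE open=.../...//shared/template.oft",
    "malformed line",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

The .../...// path is harmless to the filesystem as written; it only becomes "../" once a naive filter has run, which is why the hunt normalises both the raw and the stripped form instead of grepping for "../" alone.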