A high-severity Use After Free (UAF) vulnerability has been discovered in the office service, affecting multiple products. Successful exploitation of this flaw could allow an attacker to execute arbitrary code on a vulnerable system, potentially leading to a full system compromise, data theft, or service disruption. Organizations are strongly advised to apply the vendor-provided security updates immediately to mitigate this risk.

The vulnerability is a Use After Free (UAF) condition within the office service. This type of memory corruption flaw occurs when the application continues to use a pointer to a memory location after that memory has been deallocated or "freed." An attacker can exploit this by sending specially crafted data to the office service. This can cause the service to write to or read from the now-reallocated memory, leading to unpredictable behavior, a service crash (Denial of Service), or, in a worst-case scenario, the execution of arbitrary code with the privileges of the service account.

This vulnerability is rated as High severity with a CVSS score of 7.8. A successful exploit could have a significant negative impact on the business. If an attacker achieves arbitrary code execution, they could gain control over the affected server or endpoint, enabling them to install malware (such as ransomware), exfiltrate sensitive corporate or customer data, pivot to other systems within the network, or disrupt critical business operations that rely on the affected office products. The consequences include potential data breaches, financial loss, reputational damage, and regulatory penalties.

Immediate Action: The primary remediation is to apply the security updates released by the vendor across all affected systems immediately. Before deployment in production, patches should be tested in a controlled environment to ensure compatibility. Concurrently, security teams should actively monitor for any signs of exploitation and conduct a thorough review of relevant access and application logs for suspicious activity.

Proactive Monitoring: Security teams should monitor for unexpected crashes or restarts of the office service. Review system and application logs for memory access errors or segmentation faults related to the service. Network monitoring should be enhanced to detect anomalous outbound connections or unusual traffic patterns originating from hosts running the vulnerable service, which could indicate a successful compromise.

Compensating Controls: If immediate patching is not feasible, consider implementing compensating controls. This includes restricting network access to the vulnerable service to only trusted hosts and users. Employ an Intrusion Prevention System (IPS) with updated signatures capable of detecting and blocking known exploitation patterns for UAF vulnerabilities. Ensure the service is running with the lowest possible user privileges to limit the impact of a potential compromise.

Public Exploit Available: false

Given the high CVSS score of 7.8 and the potential for arbitrary code execution, this vulnerability poses a significant risk to the organization. While CVE-2025-58287 is not currently listed on the CISA KEV (Known Exploited Vulnerabilities) catalog, its severity makes it a prime candidate for future exploitation. We strongly recommend that the organization prioritizes the immediate testing and deployment of the vendor-supplied security patches to all affected assets to prevent potential system compromise.