Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-47175 PoC — Microsoft PowerPoint Remote Code Execution Vulnerability

Source
https://github.com/mbanyamer/mbanyamer-Microsoft-PowerPoint-Use-After-Free-Remote-Code-Execution-RCE
Associated Vulnerability
Title:Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2025-47175)
Description:Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Description
This repository contains a Proof of Concept (PoC) exploit for the **CVE-2025-47175** vulnerability found in Microsoft PowerPoint.   The vulnerability is a Use-After-Free (UAF) bug that allows an attacker to execute arbitrary code by tricking a user into opening a specially crafted PPTX file.
Readme

# CVE-2025-47175 - Microsoft PowerPoint Use-After-Free (UAF) Remote Code Execution PoC

## Overview

This repository contains a Proof of Concept (PoC) exploit for the **CVE-2025-47175** vulnerability found in Microsoft PowerPoint.  
The vulnerability is a Use-After-Free (UAF) bug that allows an attacker to execute arbitrary code by tricking a user into opening a specially crafted PPTX file.

---

## Description

- **Vulnerability:** Use-After-Free (UAF) in Microsoft PowerPoint  
- **CVE ID:** CVE-2025-47175  
- **Affected Versions:** Microsoft PowerPoint 2019 and Office 365 versions prior to June 2025 Patch (KB5002689)  
- **Attack Vector:** Local — requires victim to open a crafted PPTX file  
- **Impact:** Remote Code Execution (RCE)  

This PoC script generates a malicious PPTX file designed to trigger the UAF vulnerability. Opening the generated file in a vulnerable PowerPoint version may lead to arbitrary code execution.

---

## Usage

```bash
python3 exploit_cve2025_47175.py [options]
```

### Options

| Option          | Description                               | Default                              |
|-----------------|-------------------------------------------|------------------------------------|
| `-o`, `--output` | Output PPTX filename                      | `exploit_cve_2025_47175.pptx`      |
| `-i`, `--id`     | Shape ID (integer)                        | `1234`                             |
| `-n`, `--name`   | Shape Name (string)                       | `MaliciousShape`                   |
| `-t`, `--text`   | Trigger text inside the slide             | `This content triggers CVE-2025-47175 UAF vulnerability.` |

### Example

```bash
python3 exploit_cve2025_47175.py -o evil.pptx -i 5678 -n "BadShape" -t "Triggering CVE-2025-47175 now!"
```

---

## Disclaimer

This PoC is for educational and research purposes only. Unauthorized use against systems without explicit permission is illegal. The author is not responsible for any misuse of this code.

---

## Author

Mohammed Idrees Banyamer  
- Instagram: [@banyamer_security](https://instagram.com/banyamer_security)  
- GitHub: [https://github.com/mbanyamer](https://github.com/mbanyamer)  

---

## References

- [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide)  
- [Exploit-DB](https://www.exploit-db.com/?author=12252)
File Snapshot

 [4.0K]  /data/pocs/be26432f4e182068c5b0d790e7d29f1786a36758
├── [5.3K]  CVE2025-47175.py
├── [ 34K]  LICENSE
└── [2.3K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →