Information Disclosure Vulnerability in Microsoft Excel
CVE-2025-21383

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc For Mac 2021; Microsoft Office Ltsc 2021
Vendor: CVE Published:; 11 February 2025

Summary

Microsoft Excel has been found to contain an information disclosure vulnerability that could allow unauthorized individuals to access sensitive information. This vulnerability may cause specific data contained in Excel files to be exposed, potentially leading to unauthorized access to confidential data. Users are advised to apply the latest security patches to mitigate the risks associated with this vulnerability and enhance their data protection strategies.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5487.1000

Microsoft Office 2019 32-bit Systems 19.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Dec 11, 2024