Buffer Over-Read Weakness in Microsoft Office Excel by Microsoft
CVE-2025-32704

8.4HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2021; Microsoft Office Ltsc 2024
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-32704?

A buffer over-read vulnerability in Microsoft Office Excel can enable an unauthorized attacker to execute code locally, posing a serious security threat. This affects multiple versions of the software and can potentially allow attackers to extract sensitive information or manipulate the affected system without proper authorization. Organizations using vulnerable versions of Microsoft Excel should prioritize addressing this issue to maintain their cybersecurity posture.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5500.1001

Microsoft Office 2019 32-bit Systems 19.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Apr 9, 2025