Information Disclosure Vulnerability in Microsoft Excel by Microsoft
CVE-2025-59232

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Office Online Server; Microsoft Sharepoint Enterprise Server 2016; Microsoft Sharepoint Server 2019; Microsoft Office 2019
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-59232?

An out-of-bounds read vulnerability in Microsoft Excel could allow an unauthorized attacker to disclose sensitive information. This flaw can result in unintended data leakage, posing risks to users who rely on Excel for sensitive calculations and data management. It is crucial for users to apply available security updates to mitigate the risk of data disclosure.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Access 2016 (32-bit edition) Unknown 16.0.0 < 16.0.5522.1000

Microsoft Access 2016 x64-based Systems 16.0.0 < 16.0.5522.1000

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Sep 11, 2025

JSON