Out-of-bounds Read Vulnerability in Microsoft Excel
CVE-2025-59235

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Office Online Server; Microsoft Sharepoint Enterprise Server 2016; Microsoft Sharepoint Server 2019; Microsoft Office 2019
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-59235?

An out-of-bounds read vulnerability in Microsoft Office Excel permits unauthorized attackers to disclose sensitive information from the affected application. This flaw can be exploited by targeting specific malformed data, which may inadvertently lead to the disclosure of information within the local environment. Users are advised to apply the necessary updates and security patches provided by Microsoft to safeguard their applications.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Access 2016 (32-bit edition) Unknown 16.0.0 < 16.0.5522.1000

Microsoft Access 2016 x64-based Systems 16.0.0 < 16.0.5522.1000

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Sep 11, 2025

JSON