Information Disclosure Vulnerability in Microsoft Office Excel
CVE-2025-60728

4.3MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc 2024; Microsoft Office Ltsc For Mac 2024
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-60728?

An untrusted pointer dereference vulnerability in Microsoft Office Excel may allow unauthorized attackers to exploit the application, leading to potential exposure of sensitive information over a network. This security risk could be leveraged by attackers to gain unintended access to confidential data, making it critical for users to apply recommended security updates promptly.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Office LTSC 2024 32-bit Systems 16.0.0

Microsoft Office LTSC for Mac 2024 Unknown 16.0.0 < 16.103.25110922

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Sep 26, 2025

JSON