Information Disclosure Vulnerability in Microsoft Excel by Microsoft
CVE-2025-62202

7.1HIGH

Key Information:

Vendor: Microsoft
Status: Office Online Server; Microsoft Office 2019; Microsoft 365 Apps For Enterprise; Microsoft Office Ltsc For Mac 2021
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-62202?

An information disclosure vulnerability in Microsoft Office Excel allows an unauthorized attacker to read data that should be restricted, potentially exposing sensitive information stored locally. This flaw can be exploited under specific conditions, highlighting the importance of timely software updates to mitigate security risks. Users are advised to review security patches and adopt best practices to protect their data.

Affected Version(s)

Microsoft 365 Apps for Enterprise 32-bit Systems 16.0.1

Microsoft Excel 2016 32-bit Systems 16.0.0.0 < 16.0.5526.1002

Microsoft Office 2019 32-bit Systems 19.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Oct 8, 2025

JSON