CVE-2025-59240 — Sensitive Information Exposure in Microsoft 365 Apps FOR Enterprise

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 89.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft 365 Apps FOR Enterprise Microsoft Excel 2016 Microsoft Office 2019 +5 more

Timeline

PublishedNov 11

Description

Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶CVEListV5microsoft/microsoft_excel_201616.0.0.0 — 16.0.5526.1002

▶CVEListV5microsoft/microsoft_office_201919.0.0 — https://aka.ms/OfficeSecurityReleases

▶CVEListV5microsoft/microsoft_office_ltsc_202116.0.1 — https://aka.ms/OfficeSecurityReleases

▶CVEListV5microsoft/microsoft_office_ltsc_202416.0.0 — https://aka.ms/OfficeSecurityReleases

▶NVDmicrosoft/excel2016

🔴Vulnerability Details

GHSA

GHSA-7697-4p89-46w3: Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally↗2025-11-11

▶

CVEList

Microsoft Excel Information Disclosure Vulnerability↗2025-11-11

▶

📋Vendor Advisories

Microsoft

Microsoft Excel Information Disclosure Vulnerability↗2025-11-11

▶