CVE-2025-60728Out-of-bounds Read in Microsoft 365 Apps FOR Enterprise

CWE-125Out-of-bounds ReadCWE-822Untrusted Pointer Dereference4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 88.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft 365 Apps FOR EnterpriseMicrosoft Office Ltsc 2024Microsoft Office Ltsc FOR MAC 2024+1 more
Timeline
PublishedNov 11

Description

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5microsoft/microsoft_office_ltsc_202416.0.0https://aka.ms/OfficeSecurityReleases
CVEListV5microsoft/microsoft_office_ltsc_for_mac_202416.0.016.103.25110922
CVEListV5microsoft/microsoft_365_apps_for_enterprise16.0.1https://aka.ms/OfficeSecurityReleases

🔴Vulnerability Details

2
CVEList
Microsoft Excel Information Disclosure Vulnerability2025-11-11
GHSA
GHSA-2mg4-fmh8-qqh3: Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network2025-11-11

📋Vendor Advisories

1
Microsoft
Microsoft Excel Information Disclosure Vulnerability2025-11-11
CVE-2025-60728 — Out-of-bounds Read in Microsoft | cvebase