CVE-2025-59240 MEDIUM

CVE-2025-59240: Microsoft Excel Information Disclosure Vulnerability

Vendor Microsoft

Product Microsoft 365 Apps for Enterprise

Weakness CWE-200 · Info exposure

Published November 11, 2025

Last update February 13, 2026

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Key dates

02Disclosure timeline

November 11, 2025 CVE published

February 13, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-59240 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2025-59240

CWE CWE-200

CVSS 5.5 / MEDIUM

Affected versions

Vendor Microsoft

Product Microsoft 365 Apps for Enterprise

Affected ≥ 16.0.1 and < https://aka.ms/OfficeSecurityReleases

Vendor Microsoft

Product Microsoft Excel 2016

Affected ≥ 16.0.0.0 and < 16.0.5526.1002

Vendor Microsoft

Product Microsoft Office 2019

Affected ≥ 19.0.0 and < https://aka.ms/OfficeSecurityReleases

Vendor Microsoft

Product Microsoft Office LTSC 2021

Affected ≥ 16.0.1 and < https://aka.ms/OfficeSecurityReleases

Vendor Microsoft

Product Microsoft Office LTSC 2024

Affected ≥ 16.0.0 and < https://aka.ms/OfficeSecurityReleases

CVE-2025-59240: Microsoft Excel Information Disclosure Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE