CVE-2025-21383: 
vulnerability analysis and mitigation

Microsoft Excel Information Disclosure Vulnerability (CVE-2025-21383) was disclosed on February 11, 2025. The vulnerability affects multiple Microsoft products including Microsoft 365 Apps Enterprise, Excel 2016, Office 2019, Office 2021 LTSC, and Office 2024 LTSC across different architectures (x86, x64) and platforms (Windows, macOS) (NVD).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) issue. According to the CVSS 3.1 scoring, Microsoft Corporation assigned it a High severity score of 7.8 (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), while NIST assessed it with a Medium severity score of 5.5 (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) (NVD).

The vulnerability could lead to information disclosure in Microsoft Excel. Based on the CVSS scoring, successful exploitation could result in high impacts on confidentiality, with potential for unauthorized information disclosure (NVD).

Microsoft has released security updates to address this vulnerability. The fix is included in the February 11, 2025 security update (KB5002179) for affected versions of Office. Users can obtain the update through Microsoft Update, Microsoft Update Catalog, or the Microsoft Download Center (Microsoft Support).