CVE-2025-59232: 
vulnerability analysis and mitigation

Out-of-bounds read vulnerability in Microsoft Office Excel (CVE-2025-59232) was disclosed on October 14, 2025. This vulnerability affects multiple Microsoft products including Excel 2016, SharePoint Server 2019, Office Online Server, and various versions of Microsoft 365 Apps (NVD CVE).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) that allows unauthorized attackers to disclose information locally. Microsoft has assigned a CVSS v3.1 base score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H, indicating local attack vector, low attack complexity, no privileges required, and user interaction required (NVD CVE).

The vulnerability can lead to information disclosure when exploited. The high CVSS score indicates significant potential impact on confidentiality and availability of the affected systems, though integrity is not impacted (NVD CVE).

Microsoft has released security updates to address this vulnerability. The fixes are available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. For Excel 2016, the security update KB5002794 has been released, replacing the previous security update 5002782 (Microsoft Excel Update).