Nov 2025: Microsoft Excel Information Disclosure Vulnerability
CVE-2025-59240 Published on November 11, 2025
Microsoft Excel Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2025-59240 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2025-59240
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft 365 Apps for Enterprise:- Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.0.0 and below 16.0.5526.1002 is affected.
- Version 19.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.1 and below https://aka.ms/OfficeSecurityReleases is affected.
- Version 16.0.0 and below https://aka.ms/OfficeSecurityReleases is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.