#VU117241 Out-of-bounds read in Microsoft products - CVE-2025-59232
Published: October 15, 2025
Vulnerability identifier: #VU117241
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-59232
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Office Online Server
Microsoft SharePoint Server
Microsoft SharePoint Enterprise Server
Microsoft Office
Microsoft Excel
Microsoft Access
Microsoft 365 Apps for Enterprise
Microsoft Office LTSC
Office Online Server
Microsoft SharePoint Server
Microsoft SharePoint Enterprise Server
Microsoft Office
Microsoft Excel
Microsoft Access
Microsoft 365 Apps for Enterprise
Microsoft Office LTSC
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Microsoft Excel. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system or cause a denial of service (DoS) condition.
Remediation
Install updates from vendor's website.