Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 01 Oct 2025 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft office
Microsoft office Long Term Servicing Channel
CPEs cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*
cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*
cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x64:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:x86:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x64:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:x86:*
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*
Vendors & Products Microsoft office
Microsoft office Long Term Servicing Channel

Mon, 15 Sep 2025 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft 365
Microsoft 365 Apps
Microsoft excel
Microsoft excel For Mac
Microsoft office 2016
Microsoft office 2019
Microsoft office 2021
Microsoft office For Mac
Vendors & Products Microsoft
Microsoft 365
Microsoft 365 Apps
Microsoft excel
Microsoft excel For Mac
Microsoft office 2016
Microsoft office 2019
Microsoft office 2021
Microsoft office For Mac

Tue, 09 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Sep 2025 17:15:00 +0000

Type Values Removed Values Added
Description Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Title Microsoft Excel Information Disclosure Vulnerability
Weaknesses CWE-126
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C'}


cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2025-09-25T23:11:11.379Z

Reserved: 2025-07-31T18:54:19.612Z

Link: CVE-2025-54901

cve-icon Vulnrichment

Updated: 2025-09-09T17:28:22.465Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2025-09-09T17:16:01.323

Modified: 2025-10-01T20:30:15.710

Link: CVE-2025-54901

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-15T10:44:04Z