Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2025-60728

Опубликовано: 11 нояб. 2025
Источник: msrc
CVSS3: 4.3
EPSS Низкий

Описание

Microsoft Excel Information Disclosure Vulnerability

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

FAQ

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), with minor loss of integrity (I:N) and availability (A:L). What does that mean for this vulnerability?

While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker must send the user a malicious file and convince them to open it.

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

Обновления

ПродуктСтатьяОбновление
Microsoft 365 Apps for Enterprise for 32-bit Systems
Click to Run
-
Microsoft 365 Apps for Enterprise for 64-bit Systems
Click to Run
-
Microsoft Office LTSC 2024 for 32-bit editions
Click to Run
-
Microsoft Office LTSC 2024 for 64-bit editions
Click to Run
-
Microsoft Office LTSC for Mac 2024
Release Notes
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

EPSS

Процентиль: 21%
0.00067
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-60728

CVSS3: 4.3
nvd
3 месяца назад

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

github логотип

GHSA-2mg4-fmh8-qqh3

CVSS3: 4.3
github
3 месяца назад

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

fstec логотип

BDU:2025-14188

CVSS3: 4.3
fstec
3 месяца назад

Уязвимость пакетов программ Microsoft Office и 365 Apps for Enterprise, связанная с чтением за границами буфера в памяти, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 21%
0.00067
Низкий

4.3 Medium

CVSS3