CVE-2025-21383

CVE-2025-21383 is an information disclosure vulnerability in Microsoft Excel, stemming from CWE-125 (Out-of-bounds Read). It affects Microsoft Excel as part of the Microsoft Office suite, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The vulnerability was published on 2025-02-11.

An attacker with local access can exploit this vulnerability by tricking a user into performing an action, such as opening a malicious Excel file, due to the low attack complexity and requirement for user interaction but no special privileges. Successful exploitation allows the attacker to achieve high impacts across confidentiality, integrity, and availability, potentially disclosing sensitive information, modifying data, or disrupting system resources.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21383 recommends applying the available security updates to mitigate the vulnerability, as detailed in the update guide.