CVE-2025-59231

Summary

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft 365 Apps for Enterprise16.0.1 < https://aka.ms/OfficeSecurityReleasesaffected
MicrosoftMicrosoft Excel 201616.0.0.0 < 16.0.5522.1000affected
MicrosoftMicrosoft Office 201919.0.0 < https://aka.ms/OfficeSecurityReleasesaffected
MicrosoftMicrosoft Office LTSC 202116.0.1 < https://aka.ms/OfficeSecurityReleasesaffected
MicrosoftMicrosoft Office LTSC 202416.0.0 < https://aka.ms/OfficeSecurityReleasesaffected
MicrosoftMicrosoft Office LTSC for Mac 202116.0.1 < 16.102.25101223affected
MicrosoftMicrosoft Office LTSC for Mac 202416.0.0 < 16.102.25101223affected
MicrosoftOffice Online Server16.0.0.0 < 16.0.10417.20059affected

Weaknesses

  • CWE-843: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References