CVE-2025-60728: CWE-822: Untrusted Pointer Dereference in Microsoft 365 Apps for Enterprise
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
AI Analysis
Technical Summary
CVE-2025-60728 is a vulnerability classified under CWE-822 (Untrusted Pointer Dereference) found in Microsoft Excel within the Microsoft 365 Apps for Enterprise suite, version 16.0.1. This flaw arises when Excel improperly handles pointer references from untrusted sources, leading to potential dereferencing of invalid or malicious pointers. Such behavior can cause the application to disclose sensitive information over a network without requiring the attacker to have privileges or authentication, although user interaction is necessary to trigger the vulnerability. The vulnerability primarily impacts availability, potentially causing application crashes or denial of service, but also enables unauthorized information disclosure. The CVSS v3.1 base score is 4.3 (medium), reflecting the network attack vector, low complexity, no privileges required, but requiring user interaction. No known exploits have been reported in the wild, and no official patches have been released at the time of publication. The vulnerability is significant because Microsoft Excel is widely used in enterprise environments, and exploitation could lead to leakage of sensitive data or disruption of business processes. The flaw stems from improper validation of pointers, which can be manipulated by crafted Excel files or malicious network payloads. Attackers could leverage this to extract information or cause instability in affected systems. Given the widespread deployment of Microsoft 365 Apps, this vulnerability demands attention from security teams to prevent exploitation.
Potential Impact
For European organizations, the impact of CVE-2025-60728 includes potential unauthorized disclosure of sensitive information and disruption of Excel availability. This can affect business operations, especially in sectors relying heavily on Excel for data analysis, reporting, and financial operations. The vulnerability could be exploited via crafted Excel files delivered through email or network vectors, leading to data leakage or denial of service. Organizations handling sensitive or regulated data (e.g., finance, healthcare, government) may face compliance risks if information is exposed. The medium severity score indicates moderate risk, but the ease of exploitation without privileges and the widespread use of Microsoft 365 elevate the threat. Disruption of Excel services can impact productivity and cause operational delays. Additionally, attackers could use this vulnerability as a foothold for further attacks within corporate networks. European entities with remote or hybrid workforces may be more exposed due to increased file sharing and network access. Overall, the vulnerability poses a tangible risk to confidentiality and availability in European enterprise environments.
Mitigation Recommendations
1. Restrict the opening of Excel files from untrusted or unknown sources, especially those received via email or downloaded from the internet.
2. Implement strict email filtering and attachment scanning to detect and block potentially malicious Excel files.
3. Employ network segmentation and monitoring to detect unusual data exfiltration or application crashes related to Excel usage.
4. Educate users about the risks of opening unsolicited Excel files and encourage verification before interaction.
5. Apply the principle of least privilege to limit user permissions and reduce the impact of potential exploitation.
6. Monitor Microsoft security advisories closely and deploy patches or updates immediately once they become available for this vulnerability.
7. Use application whitelisting or sandboxing technologies to isolate Excel processes and limit the scope of exploitation.
8. Consider disabling or restricting macros and other potentially dangerous Excel features that could be leveraged in conjunction with this vulnerability.
9. Conduct regular security assessments and penetration testing to identify exposure to this and similar vulnerabilities.
10. Maintain comprehensive backups and incident response plans to quickly recover from any exploitation attempts.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: microsoft
- Date Reserved: 2025-09-26T05:03:24.538Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69137c4a47ab3590319da10f
Added to database: 11/11/2025, 6:11:22 PM
Last enriched: 11/18/2025, 7:24:42 PM
Last updated: 11/20/2025, 3:26:45 PM