CVE-2025-29805: Outlook for Android Information Disclosure Vulnerability

Overview

Severity

High (CVSS 7.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Category

Information Disclosure

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2025-Apr

Released

2025-04-08

EPSS Score

8.45% (percentile: 92.3%)

Description

Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.

FAQ

What type of information could be disclosed by this vulnerability? An attacker who successfully exploited the vulnerability could read targeted email messages. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Affected Products (1)

Apps

• Microsoft Outlook for Android

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://linkedin.com/in/valsamaras">Dimitrios Valsamaras</a> with <a href="https://microsoft.com/">Microsoft</a>

Revision History

• 2025-04-08: Information published.