19 matches found
CVE-2025-64667
CVE-2025-64667 is a Microsoft Exchange Server Spoofing Vulnerability caused by UI misrepresentation of critical information that could allow an unauthenticated attacker to spoof over the network. The issue is addressed by December 9, 2025 security updates on Exchange Server products (KB5071873 fo...
CVE-2025-64666
CVE-2025-64666 affects Microsoft Exchange Server and is caused by improper input validation that permits an authenticated, network-accessing attacker to elevate privileges. The vulnerability is categorized with a high impact (C/H, I/H, A/H) and requires low privileges with no user interaction. Pu...
CVE-2025-53786
CVE-2025-53786 is a high-severity issue affecting on-premises Microsoft Exchange Server in hybrid deployments. The connected documents confirm a privilege-escalation path tied to Exchange Hybrid configurations that can impact Exchange Online identity integrity. Remediation/mitigation relies on in...
CVE-2026-42897
CVE-2026-42897 affects on-prem Microsoft Exchange Server (2016, 2019, SE) with an XSS flaw in Outlook Web Access caused by improper neutralization of input during web page generation. An attacker could send a crafted email to trigger arbitrary JavaScript execution in the victim’s browser, enablin...
CVE-2026-45583
CVE-2026-45583 involves Microsoft Exchange Server and is described as an improper control of generation of code (code injection) that enables an unauthenticated attacker to execute code over the network. The CVSS 3.1 base score is 7.5 (HIGH) with NETWORK attack vector, HIGH impact on confidential...
CVE-2026-21527
CVE-2026-21527 affects Microsoft Exchange Server. The issue is a UI misrepresentation of critical information that enables a network-based spoofing attack without user interaction or privileges. The CVSS v3.1 base metrics indicate an external attack vector with low impact on confidentiality and i...
CVE-2026-45504
CVE-2026-45504 is an SSRF-based elevation of privilege in Microsoft Exchange Server . The entry notes an attacker who is authorized can elevate privileges over the network. CVSS v3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, and LOW privileges required, with NONE...
CVE-2026-45501
CVE-2026-45501 concerns Microsoft Exchange Server. The issue is improper neutralization of input during web page generation, i.e., a cross-site scripting vulnerability that can allow an unauthorized attacker to perform spoofing over a network. CVSS 3.1 base score 6.5 (Medium): attack vector Netwo...
CVE-2026-45502
CVE-2026-45502 is a server-side request forgery in Microsoft Exchange Server. An authenticated attacker can disclose information over the network (confidentiality impact partial) without user interaction, with network access and low attack complexity, under a changed scope. The entry provides a C...
CVE-2025-59249
CVE-2025-59249 is a Microsoft Exchange Server elevation-of-privilege vulnerability described as caused by weak authentication. The CVE is discussed across multiple sources (CNVD, EUVD, NCSC, MSRC and CVE listings) with details indicating that an attacker who is already authenticated can escalate ...
CVE-2025-25005
Technical details about CVE-2025-25005 are not publicly provided in the connected documents. Monitor updates from Microsoft MSRC and advisories for affected versions, impact, and fixes.
CVE-2025-53782
CVE-2025-53782 refers to an elevation-of-privilege vulnerability in Microsoft Exchange Server caused by an incorrect implementation of the authentication algorithm, enabling an unauthorized, local attacker to escalate privileges. Across connected sources, the vulnerability is associated with mult...
CVE-2026-47631
The CVE-2026-47631 entry concerns Microsoft Exchange Server with a vulnerability in the rendering of web pages, described as improper neutralization of input during web page generation (cross-site scripting). The underlying issue allows an unauthorized attacker to spoof users over the network. Th...
CVE-2025-33051
CVE-2025-33051 is an information-disclosure vulnerability in Microsoft Exchange Server. The issue stems from improper input validation and handling of certain elements, enabling an unauthenticated attacker to disclose sensitive data over the network. The CVSSv3.1 base score is 7.5 (HIGH) with net...
CVE-2025-25006
CVE-2025-25006 affects Microsoft Exchange Server. The connected MSKB/ advisories confirm a spoofing vulnerability arising from improper handling of an additional special element, exploitable over the network with no privileges or user interaction required. Microsoft released fixes: KB5063224 (Exc...
CVE-2026-45500
CVE-2026-45500: A cross-site scripting issue in Microsoft Exchange Server arises from improper neutralization of input during web page generation. This vulnerability could enable an unauthorized attacker to perform spoofing over the network. Documents identify Microsoft Exchange Server as affecte...
CVE-2026-45503
CVE-2026-45503 is an SSRF vulnerability in Microsoft Exchange Server that could allow an authorized attacker to disclose information over a network. The provided documents cite CVSSv3.1 base metrics: 8.1 (High), with NETWORK attack vector, LOW attack complexity, Privileges Required: LOW, no user ...
CVE-2025-25007
CVE-2025-25007 affects Microsoft Exchange Server. The issue arises from improper validation of input syntax, allowing an unauthenticated network attacker to spoof communications. The vulnerability is reported with CVSS v3.1 base score 5.3 (Medium) and is network-exploitable with no user interacti...
CVE-2025-59248
CVE-2025-59248 maps to a Microsoft Exchange Server spoofing vulnerability caused by improper input validation, enabling an unauthenticated attacker to leverage network spoofing. Connected sources (CNVD/EUVD and MSRC/MSKB entries) confirm this spoofing flaw and its association with Exchange Server...