MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2025-25006

CVSS 5.3v3.1pub. 2025-08-12upd. 2026-06-15

Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  • Microsoft Exchange Server

    APP
    Microsoft
    20162019
  • Microsoft Exchange Server Subscription Edition

    APP
    Microsoft
    < 15.02.2562.020
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-21410CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Microsoft Exchange Server — privilege escalation z pominięciem uwierzytelnienia

CVE-2021-34523CRITICAL9.0⚠ KEVten sam produkt

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2021-34473CRITICAL9.1⚠ KEVten sam produkt

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2021-26855CRITICAL9.1⚠ KEVten sam produkt

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2023-21709CRITICAL9.8ten sam produkt

Microsoft Exchange Server Elevation of Privilege Vulnerability