CVE-2025-25005
published 2025-08-12CVE-2025-25005: Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | exchange_server | < 15.02.2562.020 | 15.02.2562.020 |
| microsoft | exchange_server | — | — |
| microsoft | exchange_server | — | — |
| microsoft | microsoft_exchange_server_2016_cumulative_update_23 | >= 15.01.0.0 < 15.01.2507.058 | 15.01.2507.058 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_14 | >= 15.02.0.0 < 15.02.1544.033 | 15.02.1544.033 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_15 | >= 15.02.0.0 < 15.02.1748.036 | 15.02.1748.036 |
| microsoft | microsoft_exchange_server_subscription_edition_rtm | >= 15.02.0.0 < 15.02.2562.020 | 15.02.2562.020 |
| msrc | microsoft_exchange_server_2016_cumulative_update_23 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_14 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_15 | — | — |
| msrc | microsoft_exchange_server_subscription_edition_rtm | — | — |