CVE-2025-25007
published 2025-08-12CVE-2025-25007: Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | exchange_server | < 15.02.2562.020 | 15.02.2562.020 |
| microsoft | exchange_server | — | — |
| microsoft | exchange_server | — | — |
| microsoft | microsoft_exchange_server_2016_cumulative_update_23 | >= 15.01.0.0 < 15.01.2507.058 | 15.01.2507.058 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_14 | >= 15.02.0.0 < 15.02.1544.033 | 15.02.1544.033 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_15 | >= 15.02.0.0 < 15.02.1748.036 | 15.02.1748.036 |
| microsoft | microsoft_exchange_server_subscription_edition_rtm | >= 15.02.0.0 < 15.02.2562.020 | 15.02.2562.020 |
| msrc | microsoft_exchange_server_2016_cumulative_update_23 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_14 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_15 | — | — |
| msrc | microsoft_exchange_server_subscription_edition_rtm | — | — |