CVE-2025-53782
published 2025-10-14CVE-2025-53782: Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | exchange_server | < 15.02.2562.029 | 15.02.2562.029 |
| microsoft | exchange_server | — | — |
| microsoft | exchange_server | — | — |
| microsoft | microsoft_exchange_server_2016_cumulative_update_23 | >= 15.01.0.0 < 15.01.2507.061 | 15.01.2507.061 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_14 | >= 15.02.0.0 < 15.02.1544.036 | 15.02.1544.036 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_15 | >= 15.02.0.0 < 15.02.1748.039 | 15.02.1748.039 |
| microsoft | microsoft_exchange_server_subscription_edition_rtm | >= 15.02.0.0 < 15.02.2562.029 | 15.02.2562.029 |
| msrc | microsoft_exchange_server_2016_cumulative_update_23 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_14 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_15 | — | — |
| msrc | microsoft_exchange_server_subscription_edition_rtm | — | — |