CVE-2025-59249
published 2025-10-14CVE-2025-59249: Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | exchange_server | < 15.02.2562.029 | 15.02.2562.029 |
| microsoft | exchange_server | — | — |
| microsoft | exchange_server | — | — |
| microsoft | microsoft_exchange_server_2016_cumulative_update_23 | >= 15.01.0.0 < 15.01.2507.061 | 15.01.2507.061 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_14 | >= 15.02.0.0 < 15.02.1544.036 | 15.02.1544.036 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_15 | >= 15.02.0.0 < 15.02.1748.039 | 15.02.1748.039 |
| microsoft | microsoft_exchange_server_subscription_edition_rtm | >= 15.02.0.0 < 15.02.2562.029 | 15.02.2562.029 |
| msrc | microsoft_exchange_server_2016_cumulative_update_23 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_14 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_15 | — | — |
| msrc | microsoft_exchange_server_subscription_edition_rtm | — | — |