CVE-2025-64666
published 2025-12-09CVE-2025-64666: Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
high7.5CVSS 3.1
AVNACHPRLUINSUCHIHAH
Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | exchange_server | < 15.02.2562.035 | 15.02.2562.035 |
| microsoft | exchange_server | — | — |
| microsoft | exchange_server | — | — |
| microsoft | microsoft_exchange_server_2016_cumulative_update_23 | >= 15.01.0.0 < 15.01.2507.063 | 15.01.2507.063 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_14 | >= 15.02.0.0 < 15.02.1544.037 | 15.02.1544.037 |
| microsoft | microsoft_exchange_server_2019_cumulative_update_15 | >= 15.02.0.0 < 15.02.1748.042 | 15.02.1748.042 |
| microsoft | microsoft_exchange_server_subscription_edition_rtm | >= 15.02.0.0 < 15.02.2562.035 | 15.02.2562.035 |
| msrc | microsoft_exchange_server_2016_cumulative_update_23 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_14 | — | — |
| msrc | microsoft_exchange_server_2019_cumulative_update_15 | — | — |
| msrc | microsoft_exchange_server_subscription_edition_rtm | — | — |