Microsoft Exchange Server vulnerabilities
207 known vulnerabilities affecting microsoft/exchange_server.
Total CVEs
207
CISA KEV
19
actively exploited
Public exploits
28
Exploited in wild
19
Severity breakdown
CRITICAL24HIGH84MEDIUM93LOW6
Vulnerabilities
Page 1 of 11
CVE-2025-64666HIGHCVSS 7.5fixed in 15.02.2562.035v2016+1 more2025-12-09
CVE-2025-64666 [HIGH] CWE-20 CVE-2025-64666: Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate priv
Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2025-59248HIGHCVSS 7.5fixed in 15.02.2562.029v2016+1 more2025-10-14
CVE-2025-59248 [HIGH] CWE-20 CVE-2025-59248: Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform sp
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2025-53782HIGHCVSS 7.8fixed in 15.02.2562.029v2016+1 more2025-10-14
CVE-2025-53782 [HIGH] CWE-303 CVE-2025-53782: Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthor
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
nvd
CVE-2025-59249HIGHCVSS 8.8fixed in 15.02.2562.029v2016+1 more2025-10-14
CVE-2025-59249 [HIGH] CWE-1390 CVE-2025-59249: Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2025-33051HIGHCVSS 7.5fixed in 15.02.2562.020v2016+1 more2025-08-12
CVE-2025-33051 [HIGH] CWE-200 CVE-2025-33051: Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an un
Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.
nvd
CVE-2025-25006MEDIUMCVSS 5.3fixed in 15.02.2562.020v2016+1 more2025-08-12
CVE-2025-25006 [MEDIUM] CWE-167 CVE-2025-25006: Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized
Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2025-25005MEDIUMCVSS 6.5fixed in 15.02.2562.020v2016+1 more2025-08-12
CVE-2025-25005 [MEDIUM] CWE-20 CVE-2025-25005: Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tamp
Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.
nvd
CVE-2025-25007MEDIUMCVSS 5.3fixed in 15.02.2562.020v2016+1 more2025-08-12
CVE-2025-25007 [MEDIUM] CWE-1286 CVE-2025-25007: Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unautho
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2025-53786HIGHCVSS 8.0v2016v20192025-08-06
CVE-2025-53786 [HIGH] CWE-287 CVE-2025-53786: On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance an
nvd
CVE-2024-26198HIGHCVSS 8.8v2016v20192024-03-12
CVE-2024-26198 [HIGH] CWE-426 CVE-2024-26198: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2024-21410CRITICALCVSS 9.8KEVv2016v20192024-02-13
CVE-2024-21410 [CRITICAL] CWE-287 CVE-2024-21410: Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
nvd
CVE-2023-36439HIGHCVSS 8.0v2016v20192023-11-14
CVE-2023-36439 [HIGH] CWE-502 CVE-2023-36439: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2023-36778HIGHCVSS 8.0v2016v20192023-10-10
CVE-2023-36778 [HIGH] CWE-426 CVE-2023-36778: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2023-36756HIGHCVSS 8.0v2016v20192023-09-12
CVE-2023-36756 [HIGH] CWE-502 CVE-2023-36756: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2023-36745HIGHCVSS 8.0v2016v20192023-09-12
CVE-2023-36745 [HIGH] CWE-502 CVE-2023-36745: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2023-36744HIGHCVSS 8.0v2016v20192023-09-12
CVE-2023-36744 [HIGH] CWE-502 CVE-2023-36744: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2023-36777MEDIUMCVSS 5.7v2016v20192023-09-12
CVE-2023-36777 [MEDIUM] CWE-502 CVE-2023-36777: Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server Information Disclosure Vulnerability
nvd
CVE-2023-21709CRITICALCVSS 9.8v2016v20192023-08-08
CVE-2023-21709 [CRITICAL] CWE-307 CVE-2023-21709: Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
nvd
CVE-2023-38182HIGHCVSS 8.0v2016v20192023-08-08
CVE-2023-38182 [HIGH] CWE-502 CVE-2023-38182: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2023-35368HIGHCVSS 8.8v2016v20192023-08-08
CVE-2023-35368 [HIGH] CWE-20 CVE-2023-35368: Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Remote Code Execution Vulnerability
nvd
1 / 11Next →