Microsoft Exchange Server Subscription Edition RTM vulnerabilities
11 known vulnerabilities affecting microsoft/microsoft_exchange_server_subscription_edition_rtm.
Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 5
Vulnerabilities
CVE-2026-21527 | MEDIUM | CVSS 6.5 | CWE-451 | ≥ 15.02.0.0, < 15.02.2562.037 | 2026-02-10
Microsoft Exchange Server Spoofing Vulnerability
User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
cvelistv5
CVE-2025-64666 | HIGH | CVSS 7.5 | CWE-20 | ≥ 15.02.0.0, < 15.02.2562.035 | 2025-12-09
Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
cvelistv5, nvd
CVE-2025-64667 | MEDIUM | CVSS 5.3 | CWE-451 | ≥ 15.02.0.0, < 15.02.2562.035 | 2025-12-09
Microsoft Exchange Server Spoofing Vulnerability
User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
cvelistv5
CVE-2025-59248 | HIGH | CVSS 7.5 | CWE-20 | ≥ 15.02.0.0, < 15.02.2562.029 | 2025-10-14
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
cvelistv5, nvd
CVE-2025-53782 | HIGH | CVSS 7.8 | CWE-303 | ≥ 15.02.0.0, < 15.02.2562.029 | 2025-10-14
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
cvelistv5, nvd
CVE-2025-59249 | HIGH | CVSS 8.8 | CWE-1390 | ≥ 15.02.0.0, < 15.02.2562.029 | 2025-10-14
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
cvelistv5, nvd
CVE-2025-33051 | HIGH | CVSS 7.5 | CWE-200 | ≥ 15.02.0.0, < 15.02.2562.020 | 2025-08-12
Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.
cvelistv5, nvd
CVE-2025-25006 | MEDIUM | CVSS 5.3 | CWE-167 | ≥ 15.02.0.0, < 15.02.2562.020 | 2025-08-12
Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
cvelistv5, nvd
CVE-2025-25005 | MEDIUM | CVSS 6.5 | CWE-20 | ≥ 15.02.0.0, < 15.02.2562.020 | 2025-08-12
Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.
cvelistv5, nvd
CVE-2025-25007 | MEDIUM | CVSS 5.3 | CWE-1286 | ≥ 15.02.0.0, < 15.02.2562.020 | 2025-08-12
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
cvelistv5, nvd
CVE-2025-53786 | HIGH | CVSS 8.0 | CWE-287 | ≥ 15.02.0.0, < 15.02.2562.017 | 2025-08-06
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance an
cvelistv5, nvd