MSRC Microsoft Exchange Server 2019 Cumulative Update 15 vulnerabilities

11 known vulnerabilities affecting msrc/microsoft_exchange_server_2019_cumulative_update_15.

Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 5

Vulnerabilities

CVE-2026-21527 | MEDIUM | CVSS 6.5 | 2026-02-10
CVE-2026-21527 [MEDIUM] CWE-451 Microsoft Exchange Server Spoofing Vulnerability. Description: User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) and integrity (I:L), but lead to no loss of availability (A:N). W
msrc
CVE-2025-64666 | HIGH | CVSS 7.5 | 2025-12-09
CVE-2025-64666 [HIGH] CWE-20 Microsoft Exchange Server Elevation of Privilege Vulnerability. Description: Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional acti
msrc
CVE-2025-64667 | MEDIUM | CVSS 5.3 | 2025-12-09
CVE-2025-64667 [MEDIUM] CWE-451 Microsoft Exchange Server Spoofing Vulnerability. Description: User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A
msrc
CVE-2025-59249 | HIGH | CVSS 8.8 | 2025-10-14
CVE-2025-59249 [HIGH] CWE-1390 Microsoft Exchange Server Elevation of Privilege Vulnerability. Description: Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? The attacker would be able to take over the mailboxes of all Exchange users, attackers can send emails, read emai
msrc
CVE-2025-59248 | HIGH | CVSS 7.5 | 2025-10-14
CVE-2025-59248 [HIGH] CWE-20 Microsoft Exchange Server Spoofing Vulnerability. Description: Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Microsoft Exchange Server: Microsoft Exchange Server. Microsoft: Microsoft. Customer Action Required: Yes. Impact: Spoofing. Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely. Reference
msrc
CVE-2025-53782 | HIGH | CVSS 8.4 | 2025-10-14
CVE-2025-53782 [HIGH] CWE-303 Microsoft Exchange Server Elevation of Privilege Vulnerability. Description: Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially craft
msrc
CVE-2025-33051 | HIGH | CVSS 7.5 | 2025-08-12
CVE-2025-33051 [HIGH] CWE-200 Microsoft Exchange Server Information Disclosure Vulnerability. Description: Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulner
msrc
CVE-2025-53786 | HIGH | CVSS 8.0 | 2025-08-12
CVE-2025-53786 [HIGH] CWE-287 Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability. Description: On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft ident
msrc
CVE-2025-25006 | MEDIUM | CVSS 5.3 | 2025-08-12
CVE-2025-25006 [MEDIUM] CWE-167 Microsoft Exchange Server Spoofing Vulnerability. Description: Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A:L). What does
msrc
CVE-2025-25005 | MEDIUM | CVSS 6.5 | 2025-08-12
CVE-2025-25005 [MEDIUM] CWE-20 Microsoft Exchange Server Tampering Vulnerability. Description: Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. Microsoft Exchange Server: Microsoft Exchange Server. Microsoft: Microsoft. Customer Action Required: Yes. Impact: Tampering. Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely. Refer
msrc
CVE-2025-25007 | MEDIUM | CVSS 5.3 | 2025-08-12
CVE-2025-25007 [MEDIUM] CWE-1286 Microsoft Exchange Server Spoofing Vulnerability. Description: Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) and integrity (I:N), but could lead to some loss of availability (A:L). Wh
msrc