CVE-2025-25007

MEDIUM

Microsoft Exchange Server - Info Disclosure

Title source: llm

Description

Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

References (1)

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25007

Scores

CVSS v3 5.3

EPSS 0.0017

EPSS Percentile 38.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-1286

Status published

Affected Products (38)

microsoft/exchange_server < 15.02.2562.020

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

microsoft/exchange_server

... and 23 more

Timeline

Published Aug 12, 2025

Tracked Since Feb 18, 2026