CVE-2025-25007

MEDIUM

Microsoft Exchange Server - Info Disclosure

Title source: llm

Description

Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

References (1)

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25007

Scores

CVSS v3 5.3

EPSS 0.0027

EPSS Percentile 50.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-1286

Status published

Products (3)

microsoft/exchange_server 2016 (23 CPE variants)

microsoft/exchange_server 2019 (14 CPE variants)

microsoft/exchange_server < 15.02.2562.020

Published Aug 12, 2025

Tracked Since Feb 18, 2026