CVE-2025-64667

MEDIUM

Microsoft Exchange Server - Info Disclosure

Title source: llm

Description

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

References (1)

[Vendor Advisory] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64667

Scores

CVSS v3 5.3

EPSS 0.0005

EPSS Percentile 15.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-451

Status published

Products (7)

microsoft/exchange_server 2016 (23 CPE variants)

microsoft/exchange_server 2019 (14 CPE variants)

microsoft/exchange_server < 15.02.2562.035

Microsoft/Microsoft Exchange Server 2016 Cumulative Update 23 15.01.0.0 - 15.01.2507.063

Microsoft/Microsoft Exchange Server 2019 Cumulative Update 14 15.02.0.0 - 15.02.1544.037

Microsoft/Microsoft Exchange Server 2019 Cumulative Update 15 15.02.0.0 - 15.02.1748.042

Microsoft/Microsoft Exchange Server Subscription Edition RTM 15.02.0.0 - 15.02.2562.035

Published Dec 09, 2025

Tracked Since Feb 18, 2026