CVE-2025-25007
Microsoft Exchange Server Spoofing Vulnerability
In short
Microsoft Exchange Server doesn't properly check the format of certain inputs, allowing attackers to impersonate legitimate senders in emails. This could trick users into trusting fraudulent messages.
Technical detail
The vulnerability stems from insufficient input validation (CWE-1286) in Exchange Server's email processing, enabling network-based email spoofing attacks. An unauthenticated attacker can craft malformed inputs that bypass syntactic validation checks, compromising email authenticity and potentially facilitating phishing or social engineering attacks.
Summary generated and translated by AI from the official description.
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft Exchange Server 2016 Cumulative Update 23Microsoft · Microsoft Exchange Server 2019 Cumulative Update 14Microsoft · Microsoft Exchange Server 2019 Cumulative Update 15Microsoft · Microsoft Exchange Server Subscription Edition RTMWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →