CVE-2025-59249
Microsoft Exchange Server Elevation of Privilege Vulnerability
In short
Microsoft Exchange Server has weak authentication that allows someone with legitimate access to gain higher privileges on the system. This is serious because it lets an insider or compromised account take control of the entire email server.
Technical detail
An authenticated attacker can exploit weak authentication mechanisms in Microsoft Exchange Server to escalate privileges remotely. The vulnerability requires prior authentication access and enables complete compromise of the Exchange Server infrastructure.
Summary generated and translated by AI from the official description.
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft Exchange Server 2016 Cumulative Update 23Microsoft · Microsoft Exchange Server 2019 Cumulative Update 14Microsoft · Microsoft Exchange Server 2019 Cumulative Update 15Microsoft · Microsoft Exchange Server Subscription Edition RTMWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →