CVE-2025-53782

HIGH8.4

JSON export Create alert

Description

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Microsoft Exchange Server 2016 Cumulative Update 2315.01.0.0 – 15.01.2507.061
Microsoft / Microsoft Exchange Server 2019 Cumulative Update 1415.02.0.0 – 15.02.1544.036
Microsoft / Microsoft Exchange Server 2019 Cumulative Update 1515.02.0.0 – 15.02.1748.039
Microsoft / Microsoft Exchange Server Subscription Edition RTM15.02.0.0 – 15.02.2562.029

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53782

Updated 5m ago · 2 sources