CVE-2026-21527
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-64667
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-64666
Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-59249
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-59248
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-53782
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
CVE-2025-33051
Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.
CVE-2025-25007
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-25006
Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-25005
Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.
CVE-2025-53786
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deploym…