CVE-2025-58107

High CVSS: 7.5

In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password.

Vendor

Product

CWE

CWE-319

Yayın Tarihi

2026-03-02 15:16:31

Güncelleme

2026-03-02 20:29:29

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-319 HIGH 2026

Referanslar

https://geochen.medium.com/microsoft-activesync-legacy-protocol-plaintext-credential-and-token-exposure-vulnerability-b0fad89014fa