Skip to main content

CVE-2022-41082

HIGH
Deserialization of Untrusted Data (CWE-502)
2022-10-03 secure@microsoft.com
8.0
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Mar 26, 2026 - 11:19 vuln.today
Added to CISA KEV
Oct 30, 2025 - 19:39 cisa
CISA KEV
PoC Detected
Oct 30, 2025 - 19:39 vuln.today
Public exploit code
Patch released
Oct 30, 2025 - 19:39 nvd
Patch available
CVE Published
Oct 03, 2022 - 01:15 nvd
HIGH 8.0

DescriptionNVD

Microsoft Exchange Server Remote Code Execution Vulnerability

AnalysisAI

Microsoft Exchange Server allows authenticated remote code execution through PowerShell deserialization, the second component of 'ProxyNotShell' enabling SYSTEM-level command execution when chained with CVE-2022-41040.

Technical ContextAI

The CWE-502 deserialization flaw in Exchange's PowerShell Remoting processes crafted serialized objects that execute arbitrary commands. When accessed through the ProxyNotShell SSRF, unauthenticated-equivalent RCE is achieved (only mailbox credentials needed).

Affected ProductsAI

Microsoft Exchange Server 2013/2016/2019

RemediationAI

Apply Microsoft security updates urgently. Monitor for unusual PowerShell execution on Exchange servers. Consider migrating to Exchange Online to eliminate on-premises Exchange attack surface.

Share

CVE-2022-41082 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy