Skip to main content

Microsoft Exchange Server CVE-2025-59249

HIGH
Weak Authentication (CWE-1390)
2025-10-14 secure@microsoft.com
8.8
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable Exchange endpoint (AV:N), reliable exploitation once authenticated (AC:L), requires a standard mailbox account (PR:L), no victim interaction (UI:N), and weak-auth EoP yields full CIA impact within Exchange's authorization scope.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 15, 2026 - 19:31 vuln.today
CVE Published
Oct 14, 2025 - 17:16 cve.org
HIGH 8.8

DescriptionCVE.org

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

AnalysisAI

Privilege escalation in Microsoft Exchange Server (including 2016 cumulative updates and Subscription Edition) allows an authenticated network attacker to elevate privileges due to weak authentication mechanisms (CWE-1390). With a CVSS score of 8.8 and full confidentiality, integrity, and availability impact, this represents a significant risk to mail infrastructure, though no public exploit identified at time of analysis.

Technical ContextAI

The vulnerability resides in Microsoft Exchange Server, an enterprise messaging platform handling email, calendar, and collaboration services. The root cause is classified under CWE-1390 (Weak Authentication), a category covering authentication mechanisms that fail to adequately verify identity - typically due to insufficient credential validation, weak token handling, or flawed protocol implementation. CPE data confirms Exchange Server 2016 across cumulative updates 1 through 17 is affected, and tags reference the Subscription Edition. Exchange's complex authentication stack (including NTLM, Kerberos, and OAuth across multiple service endpoints like EWS, MAPI, and PowerShell) historically presents a broad attack surface where weak authentication flaws can permit token relay, impersonation, or privilege boundary crossing.

RemediationAI

Patch available per vendor advisory - apply the Microsoft security update referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59249 for the affected Exchange Server 2016 cumulative updates and Subscription Edition deployments; consult the MSRC update guide for the exact KB article and build number matching your CU level, as Microsoft typically ships Exchange fixes as cumulative security updates. Because the prerequisite is an authenticated low-privilege mailbox user, compensating controls include enforcing strong multi-factor authentication on all mailbox accounts, restricting Exchange administrative endpoints (EAC, PowerShell, EWS) to management networks via firewall ACLs or reverse proxy filtering, rotating service account passwords, and auditing for anomalous authentication patterns; note that endpoint restrictions may break legitimate remote mailbox access for mobile and external users, so coordinate with messaging operations before applying.

CVE-2020-17132 CRITICAL POC
9.1 Dec 10

Microsoft Exchange Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remote

CVE-2022-23277 HIGH POC
8.8 Mar 09

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is rem

CVE-2021-42321 HIGH POC
8.8 Nov 10

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is rem

CVE-2020-16875 HIGH POC
8.4 Sep 11

<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet argume

CVE-2021-28481 CRITICAL POC
9.8 Apr 13

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2021-28480 CRITICAL POC
9.8 Apr 13

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2018-0986 HIGH POC
8.8 Apr 04

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a speci

CVE-2018-16793 HIGH POC
8.6 Sep 21

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parame

CVE-2019-0724 HIGH POC
8.1 Mar 05

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of

CVE-2023-36745 HIGH POC
8.0 Sep 12

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low

CVE-2013-0418 MEDIUM
6.8 Jan 17

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows

CVE-2021-33766 HIGH POC
7.3 Jul 14

Microsoft Exchange Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is re

Share

CVE-2025-59249 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy