Skip to main content

Microsoft Exchange Server CVE-2025-64667

MEDIUM
User Interface (UI) Misrepresentation of Critical Information (CWE-451)
2025-12-09 secure@microsoft.com
5.3
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
5.3 MEDIUM

Network delivery with no credentials or user interaction required; integrity impact limited to spoofing with no confidentiality or availability effect.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 15, 2026 - 19:32 vuln.today
CVE Published
Dec 09, 2025 - 18:16 cve.org
MEDIUM 5.3

DescriptionCVE.org

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

AnalysisAI

Spoofing via UI misrepresentation in Microsoft Exchange Server 2016 and Exchange Server Subscription Edition allows unauthenticated network attackers to falsify critical sender or authentication information as rendered by the Exchange interface. Rooted in CWE-451 (UI Misrepresentation of Critical Information), the flaw enables an attacker to craft messages or interactions that Exchange presents deceptively, undermining trust signals recipients rely upon to distinguish legitimate from malicious communications. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; however, the PR:N/AC:L vector means exploitation requires no credentials and minimal attacker sophistication.

Technical ContextAI

CWE-451 describes a class of vulnerability where a UI layer fails to accurately convey security-critical metadata to the user or downstream system, causing incorrect trust decisions. In Exchange Server, this manifests as the server misrepresenting sender identity or authentication state information - such as SPF, DKIM, or DMARC validation results, or display-name versus envelope-from fields - in a way that makes spoofed messages appear trustworthy. CPE data confirms affected software as cpe:2.3:a:microsoft:exchange_server:2016 across its base release and cumulative updates CU1 through CU17. The 'Authentication Bypass' tag in the intelligence data suggests the misrepresentation may allow crafted messages to circumvent or misrepresent authentication-layer checks, not merely cosmetic display issues. Exchange Server Subscription Edition is also flagged in the tags, indicating the scope extends beyond the 2016 release line.

RemediationAI

Apply the security update issued by Microsoft via the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64667. No specific patched cumulative update version number was provided in the available data - the MSRC page must be consulted to identify the exact CU or Security Update (SU) that resolves this vulnerability on Exchange Server 2016 and Exchange Server Subscription Edition. Until patching is complete, organizations can reduce exposure by enforcing strict inbound SMTP policies at the gateway level (e.g., rejecting messages that fail SPF/DKIM/DMARC checks before they reach Exchange), configuring mail flow rules to stamp and surface authentication results visibly, and training users not to rely solely on Exchange-rendered display names for trust decisions. Note that gateway-level filtering as a compensating control does not address how Exchange internally represents authentication data and may not fully mitigate the CWE-451 misrepresentation behavior.

CVE-2020-17132 CRITICAL POC
9.1 Dec 10

Microsoft Exchange Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remote

CVE-2022-23277 HIGH POC
8.8 Mar 09

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is rem

CVE-2021-42321 HIGH POC
8.8 Nov 10

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is rem

CVE-2020-16875 HIGH POC
8.4 Sep 11

<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet argume

CVE-2021-28481 CRITICAL POC
9.8 Apr 13

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2021-28480 CRITICAL POC
9.8 Apr 13

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2018-0986 HIGH POC
8.8 Apr 04

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a speci

CVE-2018-16793 HIGH POC
8.6 Sep 21

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parame

CVE-2019-0724 HIGH POC
8.1 Mar 05

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of

CVE-2023-36745 HIGH POC
8.0 Sep 12

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low

CVE-2013-0418 MEDIUM
6.8 Jan 17

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows

CVE-2021-33766 HIGH POC
7.3 Jul 14

Microsoft Exchange Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is re

Share

CVE-2025-64667 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy