Microsoft Exchange Server
CVE-2025-64667
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Network delivery with no credentials or user interaction required; integrity impact limited to spoofing with no confidentiality or availability effect.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
AnalysisAI
Spoofing via UI misrepresentation in Microsoft Exchange Server 2016 and Exchange Server Subscription Edition allows unauthenticated network attackers to falsify critical sender or authentication information as rendered by the Exchange interface. Rooted in CWE-451 (UI Misrepresentation of Critical Information), the flaw enables an attacker to craft messages or interactions that Exchange presents deceptively, undermining trust signals recipients rely upon to distinguish legitimate from malicious communications. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; however, the PR:N/AC:L vector means exploitation requires no credentials and minimal attacker sophistication.
Technical ContextAI
CWE-451 describes a class of vulnerability where a UI layer fails to accurately convey security-critical metadata to the user or downstream system, causing incorrect trust decisions. In Exchange Server, this manifests as the server misrepresenting sender identity or authentication state information - such as SPF, DKIM, or DMARC validation results, or display-name versus envelope-from fields - in a way that makes spoofed messages appear trustworthy. CPE data confirms affected software as cpe:2.3:a:microsoft:exchange_server:2016 across its base release and cumulative updates CU1 through CU17. The 'Authentication Bypass' tag in the intelligence data suggests the misrepresentation may allow crafted messages to circumvent or misrepresent authentication-layer checks, not merely cosmetic display issues. Exchange Server Subscription Edition is also flagged in the tags, indicating the scope extends beyond the 2016 release line.
RemediationAI
Apply the security update issued by Microsoft via the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64667. No specific patched cumulative update version number was provided in the available data - the MSRC page must be consulted to identify the exact CU or Security Update (SU) that resolves this vulnerability on Exchange Server 2016 and Exchange Server Subscription Edition. Until patching is complete, organizations can reduce exposure by enforcing strict inbound SMTP policies at the gateway level (e.g., rejecting messages that fail SPF/DKIM/DMARC checks before they reach Exchange), configuring mail flow rules to stamp and surface authentication results visibly, and training users not to rely solely on Exchange-rendered display names for trust decisions. Note that gateway-level filtering as a compensating control does not address how Exchange internally represents authentication data and may not fully mitigate the CWE-451 misrepresentation behavior.
More in Exchange Server
View allMicrosoft Exchange Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remote
Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is rem
Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is rem
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet argume
Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is
Microsoft Exchange Server Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a speci
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parame
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of
Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows
Microsoft Exchange Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is re
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today