Microsoft Exchange Server Elevation of Privilege Vulnerability

Vulnerability

A vulnerability allowing privilege escalation has been identified in Microsoft Exchange Server. This issue arises from improper input validation, which enables an authorized attacker to elevate privileges over a network. The vulnerability affects multiple versions of Microsoft Exchange Server, including Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition.

Impact

Exploitation of this vulnerability could allow an authorized attacker to gain administrator privileges on the affected system.

Remediation

Users can download the security update for Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 14, or Microsoft Exchange Server 2019 Cumulative Update 15. Instructions for downloading these security updates are available on the Microsoft Exchange Server Security Updates page.

Added: Dec 9, 2025, 10:26 PM
Updated: Dec 9, 2025, 10:26 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.