Microsoft Exchange Server Spoofing Vulnerability

Vulnerability

A user interface misrepresentation vulnerability has been identified in Microsoft Exchange Server. This issue allows an unauthorized attacker to perform spoofing over the network by manipulating critical information displayed to users. The vulnerability affects Microsoft Exchange Server 2016 Cumulative Update 23, Exchange Server 2019 Cumulative Update 14 and 15, and Exchange Server Subscription Edition RTM.

Impact

Exploitation of this vulnerability could lead to unauthorized spoofing of email addresses, specifically altering the '5322.From' address that users see.

Remediation

Users can download the security update for Microsoft Exchange Server 2016 Cumulative Update 23, Exchange Server 2019 Cumulative Update 14 and 15, and Exchange Server Subscription Edition RTM. Users of Exchange Server 2016 and 2019 who are not enrolled in the Extended Security Update program should migrate to Exchange Server Subscription Edition to continue receiving updates.

Added: Dec 9, 2025, 10:26 PM
Updated: Dec 9, 2025, 10:26 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 0.6
exploitability: 7.6
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.