Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Microsoft Exchange Server 2019 Cumulative Update 14

Source -

CNA

CNA CVEs -

8

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
8Vulnerabilities found
CVE-2025-25007
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.72%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-26 Aug, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Spoofing Vulnerability

Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft Exchange Server 2019 Cumulative Update 15Microsoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server Subscription Edition RTM
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CVE-2025-25006
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 20.02%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-26 Aug, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Spoofing Vulnerability

Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft Exchange Server 2019 Cumulative Update 15Microsoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server Subscription Edition RTM
CWE ID-CWE-167
Improper Handling of Additional Special Element
CVE-2025-25005
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.10%
||
7 Day CHG+0.01%
Published-12 Aug, 2025 | 17:09
Updated-26 Aug, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Tampering Vulnerability

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 15Microsoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server Subscription Edition RTM
CWE ID-CWE-20
Improper Input Validation
CVE-2025-33051
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.54%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-26 Aug, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft Exchange Server 2019 Cumulative Update 15Microsoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server Subscription Edition RTM
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-53786
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8||HIGH
EPSS-0.07% / 23.08%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 16:02
Updated-26 Aug, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability

On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft Exchange Server 2019 Cumulative Update 15Microsoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server Subscription Edition RTM
CWE ID-CWE-287
Improper Authentication
CVE-2024-49040
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-10.47% / 92.94%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:53
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Spoofing Vulnerability

Microsoft Exchange Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 13Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 14
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2024-26198
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-4.46% / 88.63%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:57
Updated-03 May, 2025 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2019 Cumulative Update 13
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-21410
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.51% / 80.44%
||
7 Day CHG-0.19%
Published-13 Feb, 2024 | 18:02
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-03-07||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Exchange Server Elevation of Privilege Vulnerability

Microsoft Exchange Server Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 13Microsoft Exchange Server 2019 Cumulative Update 14Exchange Server
CWE ID-CWE-287
Improper Authentication