Microsoft Microsoft Exchange Server 2019 Cumulative Update 15
12 CVEs affecting Microsoft Microsoft Exchange Server 2019 Cumulative Update 15. Latest disclosed: 2026-05-14. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-59249 | High | 8.8 | 2025-10-14 | Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. |
CVE-2025-53782 | High | 8.4 | 2025-10-14 | Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. |
CVE-2026-42897 | High | 8.1 | 2026-05-14 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform sp… |
CVE-2025-53786 | High | 8.0 | 2025-08-06 | On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these cha… |
CVE-2025-64666 | High | 7.5 | 2025-12-09 | Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. |
CVE-2025-59248 | High | 7.5 | 2025-10-14 | Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
CVE-2025-33051 | High | 7.5 | 2025-08-12 | Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. |
CVE-2026-21527 | Medium | 6.5 | 2026-02-10 | User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
CVE-2025-25005 | Medium | 6.5 | 2025-08-12 | Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. |
CVE-2025-64667 | Medium | 5.3 | 2025-12-09 | User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
CVE-2025-25007 | Medium | 5.3 | 2025-08-12 | Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
CVE-2025-25006 | Medium | 5.3 | 2025-08-12 | Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |