CVE-2025-33051: Microsoft Exchange Server Information Disclosure Vulnerability
Overview
- Severity: High (CVSS 7.5)
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
- Category: Information Disclosure
- Exploit Status: Not Exploited
- Exploitation Likelihood: Less Likely
- Patch Tuesday: 2025-Aug
- Released: 2025-08-12
- EPSS Score: 0.18% (percentile: 40.2%)
Description
Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is whether an email address exists on the server or not.
Affected Products (4)
ESU
- Microsoft Exchange Server 2019 Cumulative Update 14
- Microsoft Exchange Server 2016 Cumulative Update 23
- Microsoft Exchange Server 2019 Cumulative Update 15
Server Software
- Microsoft Exchange Server Subscription Edition RTM
Security Updates (4)
Acknowledgments
- Ben Sparks (https://www.linkedin.com/in/sparks-benjamin/)
Revision History
- 2025-08-12: Information published.