CVE-2025-59248: Microsoft Exchange Server Spoofing Vulnerability

Overview

Severity

High (CVSS 7.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2025-Oct

Released

2025-10-14

EPSS Score

0.13% (percentile: 32.3%)

Description

Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Affected Products (4)

Server Software

• Microsoft Exchange Server Subscription Edition RTM

ESU

• Microsoft Exchange Server 2019 Cumulative Update 15
• Microsoft Exchange Server 2016 Cumulative Update 23
• Microsoft Exchange Server 2019 Cumulative Update 14

Security Updates (4)

• 5066366
• 5066367
• 5066369
• 5066368

Acknowledgments

<a href="https://www.linkedin.com/in/anna-breeva-51476b163/">Anna Breeva</a>

Revision History

• 2025-10-14: Information published.