Microsoft Exchange Server
Recent Microsoft Exchange Server Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-21527 | CVE-2026-21527 Microsoft Exchange Server Spoofing Vulnerability | February 10, 2026 |
| CVE-2025-64666 | CVE-2025-64666 Microsoft Exchange Server Elevation of Privilege Vulnerability | December 9, 2025 |
| CVE-2025-64667 | CVE-2025-64667 Microsoft Exchange Server Spoofing Vulnerability | December 9, 2025 |
| CVE-2025-59248 | CVE-2025-59248 Microsoft Exchange Server Spoofing Vulnerability | October 14, 2025 |
| CVE-2025-59249 | CVE-2025-59249 Microsoft Exchange Server Elevation of Privilege Vulnerability | October 14, 2025 |
| CVE-2025-53782 | CVE-2025-53782 Microsoft Exchange Server Elevation of Privilege Vulnerability | October 14, 2025 |
| CVE-2025-25007 | CVE-2025-25007 Microsoft Exchange Server Spoofing Vulnerability | August 12, 2025 |
| CVE-2025-25006 | CVE-2025-25006 Microsoft Exchange Server Spoofing Vulnerability | August 12, 2025 |
| CVE-2025-25005 | CVE-2025-25005 Microsoft Exchange Server Tampering Vulnerability | August 12, 2025 |
| CVE-2025-33051 | CVE-2025-33051 Microsoft Exchange Server Information Disclosure Vulnerability | August 12, 2025 |
By the Year
In 2026 there have been 0 vulnerabilities in Microsoft Exchange Server. Last year, in 2025, Exchange Server had 4 security vulnerabilities published. Right now, Exchange Server is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 4 | 6.53 |
| 2024 | 4 | 8.70 |
| 2023 | 29 | 7.90 |
| 2022 | 18 | 7.81 |
| 2021 | 31 | 7.84 |
| 2020 | 14 | 7.74 |
| 2019 | 12 | 7.22 |
| 2018 | 16 | 6.77 |
It may take a day or so for new Exchange Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Exchange Server Security Vulnerabilities
Aug 2025: Microsoft Exchange Server Spoofing Vulnerability
CVE-2025-25006
5.3 - Medium
- August 12, 2025
Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Improper Handling of Additional Special Element
Aug 2025: Microsoft Exchange Server Spoofing Vulnerability
CVE-2025-25007
5.3 - Medium
- August 12, 2025
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Improper Validation of Syntactic Correctness of Input
Aug 2025: Microsoft Exchange Server Information Disclosure Vulnerability
CVE-2025-33051
7.5 - High
- August 12, 2025
Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.
Information Disclosure
Aug 2025: Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability
CVE-2025-53786
8 - High
- August 06, 2025
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.
Authentication
Microsoft Exchange Server Spoofing Vulnerability
CVE-2024-49040
7.5 - High
- November 12, 2024
Microsoft Exchange Server Spoofing Vulnerability
User Interface (UI) Misrepresentation of Critical Information
Exchange WebService: Event Type Audience Misvalidation
CVE-2024-33996
- May 31, 2024
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
Exchange Server RCE Vulnerability
CVE-2024-26198
8.8 - High
- March 12, 2024
Microsoft Exchange Server Remote Code Execution Vulnerability
Feb 2024: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2024-21410
9.8 - Critical
- February 13, 2024
Microsoft Exchange Server Elevation of Privilege Vulnerability
Authentication
Nov 2023: Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36035
8 - High
- November 14, 2023
Microsoft Exchange Server Spoofing Vulnerability
Marshaling, Unmarshaling
Nov 2023: Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36039
8 - High
- November 14, 2023
Microsoft Exchange Server Spoofing Vulnerability
Marshaling, Unmarshaling
Nov 2023: Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-36439
8 - High
- November 14, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Nov 2023: Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36050
8 - High
- November 14, 2023
Microsoft Exchange Server Spoofing Vulnerability
Marshaling, Unmarshaling
MS Exchange Server RCE via CVE-2023-36778
CVE-2023-36778
8 - High
- October 10, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
Sep 2023: Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-36744
8 - High
- September 12, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Sep 2023: Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-36745
8 - High
- September 12, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Sep 2023: Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-36756
8 - High
- September 12, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Sep 2023: Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36757
8 - High
- September 12, 2023
Microsoft Exchange Server Spoofing Vulnerability
Marshaling, Unmarshaling
Sep 2023: Microsoft Exchange Server Information Disclosure Vulnerability
CVE-2023-36777
5.7 - Medium
- September 12, 2023
Microsoft Exchange Server Information Disclosure Vulnerability
Marshaling, Unmarshaling
Microsoft Exchange RCE via vulnerable component
CVE-2023-35368
8.8 - High
- August 08, 2023
Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Spoofing Vulnerability
CVE-2023-38181
8.8 - High
- August 08, 2023
Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange Server RCE Vulnerability - CVE-2023-38182
CVE-2023-38182
8 - High
- August 08, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
Exchange Server RCE Vulnerability Enables Remote Code Execution
CVE-2023-38185
8.8 - High
- August 08, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server EoP Vulnerability
CVE-2023-21709
9.8 - Critical
- August 08, 2023
Microsoft Exchange Server Elevation of Privilege Vulnerability
Improper Restriction of Excessive Authentication Attempts
Microsoft Exchange Server RCE CVE-2023-35388
CVE-2023-35388
8 - High
- August 08, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Messaging Service: Missing Perm Check Local Info Disclosure
CVE-2023-30919
5.5 - Medium
- July 12, 2023
In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
AuthZ
MS Exchange Server External Mail SMTP Capabilities Size Exploitation
CVE-2023-26432
4.3 - Medium
- June 20, 2023
When adding an external mail account, processing of SMTP "capabilities" responses is not limited to plausible sizes. An attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server responses to a reasonable length/size. No publicly available exploits are known.
Microsoft Exchange RCE Vulnerability CVE-2023-28310
CVE-2023-28310
8 - High
- June 14, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server RCE Vulnerability CVE-2023-32031
CVE-2023-32031
8.8 - High
- June 14, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server RCE via Remote Exploit - CVE-2023-21710
CVE-2023-21710
7.2 - High
- February 14, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
MS Exchange RCE CVE-2023-21529
CVE-2023-21529
8.8 - High
- February 14, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
RCE in Microsoft Exchange Server via RPC-EWS (CVE-2023-21707)
CVE-2023-21707
8.8 - High
- February 14, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
Exchange Server RCE CVE-2023-21706
CVE-2023-21706
8.8 - High
- February 14, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
MS Exchange Server Info Disclosure Vulnerability
CVE-2023-21761
7.5 - High
- January 10, 2023
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-21762
8 - High
- January 10, 2023
Microsoft Exchange Server Spoofing Vulnerability
Exchange Server EoP Vulnerability, CVE-2023-21763
CVE-2023-21763
7.8 - High
- January 10, 2023
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Priv Esc OOB
CVE-2023-21764
7.8 - High
- January 10, 2023
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-21745
8 - High
- January 10, 2023
Microsoft Exchange Server Spoofing Vulnerability
CVE-2022-41078: Microsoft Exchange Server Spoofing Vulnerability
CVE-2022-41078
8 - High
- November 09, 2022
Microsoft Exchange Server Spoofing Vulnerability
CVE-2022-41079: Microsoft Exchange Server Spoofing Vulnerability
CVE-2022-41079
8 - High
- November 09, 2022
Microsoft Exchange Server Spoofing Vulnerability
Nov 2022: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-41080
8.8 - High
- November 09, 2022
Microsoft Exchange Server Elevation of Privilege Vulnerability
Exchange Server Priv Escalation Vulnerability
CVE-2022-41123
7.8 - High
- November 09, 2022
Microsoft Exchange Server Elevation of Privilege Vulnerability
Oct 2022: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-41040
8.8 - High
- October 03, 2022
Microsoft Exchange Server Elevation of Privilege Vulnerability
SSRF
Oct 2022: Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-41082
8 - High
- October 03, 2022
Microsoft Exchange Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Microsoft Exchange Server Info Disclosure (CVE-2022-21979)
CVE-2022-21979
4.8 - Medium
- August 09, 2022
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server Information Disclosure Vulnerability
CVE-2022-30134
6.5 - Medium
- August 09, 2022
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server Privilege Escalation (CVE-2022-24516)
CVE-2022-24516
8 - High
- August 09, 2022
Microsoft Exchange Server Elevation of Privilege Vulnerability
Exchange Server EOP Vulnerability CVE-2022-24477
CVE-2022-24477
8 - High
- August 09, 2022
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange EoP Vulnerability (CVE-2022-21980)
CVE-2022-21980
8 - High
- August 09, 2022
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Info Disclosure via CVE-2022-34692
CVE-2022-34692
5.3 - Medium
- August 09, 2022
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-21978
8.2 - High
- May 10, 2022
Microsoft Exchange Server Elevation of Privilege Vulnerability