Oct 2025: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2025-53782 Published on October 14, 2025
Microsoft Exchange Server Elevation of Privilege Vulnerability
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
Weakness Type
Incorrect Implementation of Authentication Algorithm
The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. This incorrect implementation may allow authentication to be bypassed.
Products Associated with CVE-2025-53782
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-53782 are published in these products:
Affected Versions
Microsoft Exchange Server 2016 Cumulative Update 23:- Version 15.01.0.0 and below 15.01.2507.061 is affected.
- Version 15.02.0.0 and below 15.02.1544.036 is affected.
- Version 15.02.0.0 and below 15.02.1748.039 is affected.
- Version 15.02.0.0 and below 15.02.2562.029 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.