Oct 2025: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2025-59249 Published on October 14, 2025

Microsoft Exchange Server Elevation of Privilege Vulnerability
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Vendor Advisory NVD

Weakness Type

CWE-1390

Products Associated with CVE-2025-59249

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-59249 are published in these products:

Microsoft Exchange Server 2016

Microsoft Exchange Server 2019

Microsoft Exchange Server Se

Affected Versions

Microsoft Exchange Server 2016 Cumulative Update 23:

Version 15.01.0.0 and below 15.01.2507.061 is affected.

Microsoft Exchange Server 2019 Cumulative Update 14:

Version 15.02.0.0 and below 15.02.1544.036 is affected.

Microsoft Exchange Server 2019 Cumulative Update 15:

Version 15.02.0.0 and below 15.02.1748.039 is affected.

Microsoft Exchange Server Subscription Edition RTM:

Version 15.02.0.0 and below 15.02.2562.029 is affected.

Exploit Probability

EPSS

0.15%

Percentile

36.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Oct 2025: Microsoft Exchange Server Elevation of Privilege VulnerabilityCVE-2025-59249 Published on October 14, 2025

Weakness Type

Products Associated with CVE-2025-59249

Affected Versions

Exploit Probability

Oct 2025: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2025-59249 Published on October 14, 2025