Dec 2025: Microsoft Exchange Server Spoofing Vulnerability
CVE-2025-64667 Published on December 9, 2025
Microsoft Exchange Server Spoofing Vulnerability
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Weakness Type
User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
Products Associated with CVE-2025-64667
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-64667 are published in these products:
Affected Versions
Microsoft Exchange Server 2016 Cumulative Update 23:- Version 15.01.0.0 and below 15.01.2507.063 is affected.
- Version 15.02.0.0 and below 15.02.1544.037 is affected.
- Version 15.02.0.0 and below 15.02.1748.042 is affected.
- Version 15.02.0.0 and below 15.02.2562.035 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.