CVE-2025-64667

Dec. 9, 2025, 6:36 p.m.

5.3
Medium

Description

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Product(s) Impacted

Product Versions
exchange_server
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-451
User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64667

Tags

secure@microsoft.com
CWE-451
2025-12-09
CVE-2025-64667

CVSS Score

5.3 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

    View Vector String

Timeline

Published: Dec. 9, 2025, 6:16 p.m.
Last Modified: Dec. 9, 2025, 6:36 p.m.

Status : Undergoing Analysis

CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.

More info

Source

secure@microsoft.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.