CVE-2025-64667

FAQ

According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), some loss of integrity (I:L) but have no effect on availability (A:N). What is the impact of this vulnerability?

An attacker could spoof incorrect 5322.From email address that is displayed to a user.

Why are update links missing for some Exchange products?

For Exchange Server 2016 and 2019, update links are not provided because these versions are out of support and security updates are only available through the Extended Security Update (ESU) program.

Customers enrolled in ESU can access the December 2025 and future updates, while those not enrolled should migrate to Exchange Server Subscription Edition (SE) to continue receiving security updates. If you have purchased ESU and need assistance accessing updates, contact Microsoft at **ExchangeandSfBServerESUInquiry@service.microsoft.com. **

For more details, see the official blog post.