CVE-2023-38182 HIGH

CVE-2023-38182: Microsoft Exchange Server Remote Code Execution Vulnerability

Vendor Microsoft
Product Microsoft Exchange Server 2019 Cumulative Update 13
Weakness CWE-502 · Unsafe deserialization
Published August 8, 2023
Last update February 27, 2025
View on NVD All CVEs

CVSS base score

8.0/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

What the vulnerability does

01Description

Microsoft Exchange Server Remote Code Execution Vulnerability

Key dates

02Disclosure timeline

August 8, 2023 CVE published
February 27, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-22345 WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability CVE-2023-49826 WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection CVE-2026-49765 WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerability CVE-2025-60035 CVE-2025-60234 WordPress Single Property theme <= 2.8 - PHP Object Injection vulnerability