Microsoft Exchange Exposes Samsung Device Data on On-Premises Servers

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Microsoft Exchange Exposes Samsung Device Data on On-Premises Servers

CVE-2025-58107

Summary

On-premises Microsoft Exchange servers may leak sensitive information from Samsung devices, including user names and passwords. This is a concern for companies that use Exchange with Samsung devices. To mitigate this risk, consider updating Exchange to a version that supports encryption or implementing additional security measures for device authentication.

Original title

In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, ...

Original description

nvd CVSS3.1 7.5

Vulnerability type

CWE-319 Cleartext Transmission of Sensitive Information

https://geochen.medium.com/microsoft-activesync-legacy-protocol-plaintext-creden...

Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026