Unrated severityCISA KEVNVD Advisory· Published Mar 2, 2021· Updated Oct 21, 2025
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-27065
Description
Microsoft Exchange Server Remote Code Execution Vulnerability
Affected products
25cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_1:*:*:*:*:*:*+ 24 more
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_1:*:*:*:*:*:*range: 15.00.0
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*range: 15.00.0
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*range: 15.00.0
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*range: 15.00.0
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*range: 15.01.0
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*range: 15.01.0
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*range: 15.01.0
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*range: 15.01.0
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*range: 15.01.0
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*range: 15.01.0
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*range: 15.01.0
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*range: 15.01.0
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*range: 15.01.0
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*range: 15.01.0
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*range: 15.01.0
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*range: 15.01.0
- cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:*range: 15.02.0
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*range: 15.02.0
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*range: 15.02.0
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*range: 15.02.0
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*range: 15.02.0
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*range: 15.02.0
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*range: 15.02.0
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*range: 15.02.0
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*range: 15.02.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.htmlmitrex_refsource_MISC
- packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.htmlmitrex_refsource_MISC
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065mitrex_refsource_MISC
News mentions
1- What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, AsiaThe Register Security · Apr 30, 2026