CVE-2025-58107

{"id": "CVE-2025-58107", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-02T15:16:31.163", "references": [{"url": "https://geochen.medium.com/microsoft-activesync-legacy-protocol-plaintext-credential-and-token-exposure-vulnerability-b0fad89014fa", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password."}, {"lang": "es", "value": "En Microsoft Exchange hasta 2019, las configuraciones de Exchange ActiveSync (EAS) en servidores locales pueden transmitir datos sensibles de dispositivos m\u00f3viles Samsung en texto claro, incluyendo el nombre de usuario, la direcci\u00f3n de correo electr\u00f3nico, el ID del dispositivo, el token de portador y la contrase\u00f1a codificada en base64."}], "lastModified": "2026-03-02T20:29:29.330", "sourceIdentifier": "cve@mitre.org"}