Cve 2025 41040 Exploit. 2025 Cve List Suki Serene "The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint provided by Microsoft in response to ProxyNotShell," CrowdStrike researchers said in a Dec After bypassing authentication by abusing CVE-2022-41040, adversaries exploit CVE-2022-41082 to run arbitrary commands in vulnerable Exchange Servers.
CVE202226904 AttackerKB from attackerkb.com
Figure 1: Diagram of attacks using Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 Observed activity after public disclosure The second, CVE-2022-41080, has not been publicly detailed but its CVSS score of 8.8 is the same as CVE-2022-41040 used in the ProxyNotShell exploit chain, and it has been marked "exploitation more likely." Based on these findings, CrowdStrike assesses it is highly likely that the OWA technique employed is in fact tied to CVE-2022-41080.
CVE202226904 AttackerKB
Attack Details Fundamentally, it was found that the exploit is executed by attackers masquerading themselves as an Exchange EWS (Exchange Web Services) which allows them to construct a backdoor and subsequently gain a foothold on to the underlying system. Microsoft Exchange are vulnerable to a server-side request forgery (SSRF) attack Figure 1: Diagram of attacks using Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 Observed activity after public disclosure
Microsoft Patch Tuesday, January 2025 Security Update Review Qualys. Microsoft Exchange are vulnerable to a server-side request forgery (SSRF) attack CVE-2022-41080 was resolved on November 8 alongside ProxyNotShell vulnerabilities and another privilege escalation flaw, tracked as CVE-2022-41123, which is described as a DLL hijacking bug
CVE202226904 AttackerKB. Figure 1: Diagram of attacks using Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 Observed activity after public disclosure Exploitation of CVE-2022-41040 could allow an attacker to exploit CVE-2022-41082