Cyber Resilience

CVE-2021-27065

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 03 March 2021
Modified: 18 December 2025
KEV Added: 03 November 2021
Patch: available
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.9995 (100.0th percentile)
Risk Priority: 100 (floored blend · peak EPSS)

Summary

CVE-2021-27065 is a high-severity Path Traversal (CWE-22) vulnerability in Microsoft Exchange Server. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2021-27065 is a remote code execution vulnerability in Microsoft Exchange Server that is associated with CWE-22 (path traversal). The flaw received a CVSS v3.1 base score of 7.8 with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a local attack vector, no required privileges, and required user interaction, with full confidentiality, integrity, and availability impact.

An attacker who can reach the affected Exchange component may leverage the vulnerability to execute arbitrary code on the server. Public proof-of-concept material referencing the ProxyLogon exploitation chain has been posted to PacketStorm Security, confirming that working artifacts exist for this issue.

Microsoft published an advisory for CVE-2021-27065 on its security guidance portal that addresses the vulnerability and associated patches.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Microsoft Exchange Server Remote Code Execution Vulnerability

CWE(s): CWE-22 (Path Traversal)
KEV Date Added: 03 November 2021

Related Threats

Threat-Actor Attribution [AI]

HAFNIUM (G0125)
Microsoft directly attributed HAFNIUM exploitation of ProxyLogon 0-days including CVE-2021-27065 (Microsoft Threat Intelligence, Mar 2021).

CVEs Like This One

- CVE-2021-34473 (same product: Microsoft Exchange Server; both on KEV)
- CVE-2022-41040 (same product: Microsoft Exchange Server; both on KEV)
- CVE-2021-31207 (same product: Microsoft Exchange Server; both on KEV)
- CVE-2021-26855 (same product: Microsoft Exchange Server; both on KEV)
- CVE-2021-34523 (same product: Microsoft Exchange Server; both on KEV)
- CVE-2022-41082 (same product: Microsoft Exchange Server; both on KEV)
- CVE-2026-42897 (same product: Microsoft Exchange Server; both on KEV)
- CVE-2021-40444 (same vendor: Microsoft; both on KEV)
- CVE-2026-41091 (same vendor: Microsoft; both on KEV)
- CVE-2025-68645 (same product class: email / collaboration; both on KEV)

Affected Assets

Microsoft Exchange Server 2013, 2016, 2019

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) [AI]

- Prevent (SI-2, Flaw Remediation): directly requires timely application of the vendor patches that Microsoft released to eliminate the path-traversal flaw in Exchange.
- Prevent (SI-10, Information Input Validation): enforces validation of user-supplied input to block the path-traversal sequences that enable arbitrary code execution.
- Detect: requires integrity verification of Exchange binaries and configuration files to detect unauthorized modifications resulting from successful exploitation.

References