Cyber Resilience

CVE-2021-31207

Severity: Medium · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 11 May 2021
Modified: 30 October 2025
KEV Added: 03 November 2021
Patch
CVSS Score (v3.1): 6.6 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9978 (100.0th percentile)
Risk Priority: 100 (floored blend · peak EPSS)

Summary

CVE-2021-31207 is a medium-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Microsoft Exchange Server. Its CVSS base score is 6.6 (Medium).

Operationally, it ranks in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and CM-7 (Least Functionality).

Deeper analysis

CVE-2021-31207 is a security feature bypass vulnerability affecting Microsoft Exchange Server, tracked under CWE-434 (unrestricted upload of files with dangerous types). It carries a CVSS 3.1 base score of 6.6; the vector indicates a network attack vector, high attack complexity, and high privileges required.

An attacker who can reach the server over the network and satisfies the high complexity precondition may bypass security controls to achieve high impact on confidentiality, integrity, and availability. Public references associate the issue with the ProxyShell remote code execution chain.

Microsoft Security Response Center advisory CVE-2021-31207 and the corresponding Zero Day Initiative advisory ZDI-21-819 describe the vulnerability and outline available patches or configuration guidance for affected Exchange deployments.

Vulnerability details

Title: Microsoft Exchange Server Security Feature Bypass Vulnerability
CWE(s): CWE-434
KEV Date Added: 03 November 2021

Related Threats

CVEs Like This One

CVE-2021-34473: same product (Microsoft Exchange Server); both on KEV
CVE-2022-41040: same product (Microsoft Exchange Server); both on KEV
CVE-2021-26855: same product (Microsoft Exchange Server); both on KEV
CVE-2021-27065: same product (Microsoft Exchange Server); both on KEV
CVE-2021-34523: same product (Microsoft Exchange Server); both on KEV
CVE-2022-41082: same product (Microsoft Exchange Server); both on KEV
CVE-2026-42897: same product (Microsoft Exchange Server); both on KEV
CVE-2026-41091: same vendor (Microsoft); both on KEV
CVE-2025-68645: same product class (email / collaboration); both on KEV
CVE-2025-24985: same vendor (Microsoft); both on KEV

Affected Assets

Microsoft Exchange Server 2013, 2016, 2019

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly counters CWE-434 unrestricted file upload by enforcing validation of file types and content before Exchange accepts them.

CM-7 Least Functionality (prevent): Limits upload and execution functionality on Exchange servers so that dangerous file types cannot be processed even if a bypass is attempted.

Malicious-code scanning (prevent, detect): Provides malicious-code scanning and blocking at the point of file receipt, mitigating the ProxyShell-style upload that leads to RCE.
