Cyber Resilience

CVE-2022-41080

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 09 November 2022
Modified: 30 October 2025
KEV Added: 10 January 2023
Patch
CVSS Score (v3.1): 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9379 (99.9th percentile)
Risk Priority: 94 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-41080 is a high-severity vulnerability in Microsoft Exchange Server; its weakness type (CWE) is unspecified. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

Microsoft Exchange Server contains an elevation of privilege vulnerability tracked as CVE-2022-41080. The flaw received a CVSS 3.1 base score of 8.8, reflecting a network-accessible attack that requires only low privileges and no user interaction to obtain full confidentiality, integrity, and availability impact on affected systems.

An authenticated attacker with low-privileged access to an Exchange deployment can exploit the issue to elevate rights and perform actions that would otherwise be restricted, such as accessing or modifying sensitive mailbox data and server configuration.

Microsoft has published security updates addressing the vulnerability through its update guide, and CISA has added CVE-2022-41080 to its catalog of known exploited vulnerabilities, confirming in-the-wild exploitation. The associated EPSS score remains consistently high, with a current value of 0.9379 and a peak of 0.9381.

Vulnerability details

Microsoft Exchange Server Elevation of Privilege Vulnerability

CWE(s): none listed
KEV Date Added: 10 January 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Microsoft
Product: Exchange Server
Versions: 2013, 2016, 2019

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Directly requires timely installation of the vendor patches that close the EoP flaw in Exchange Server.

prevent: Limits the rights of the low-privileged accounts that the vulnerability allows to be escalated to full server control.

prevent: Enforces the authorization decisions that the flaw bypasses, blocking the unauthorized privilege elevation.
