Cleartext Transmission of Sensitive Information

CVE-2025-58107

High

7.5/10

Summary

In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-319 - Cleartext Transmission of Sensitive Information

The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References

Advisory Timeline

Published Mar 02, 2026

Cleartext Transmission of Sensitive Information

CVE-2025-58107

Summary

CWE-319 - Cleartext Transmission of Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS