
CVE-2025-58107: n/a

Severity: High
Type: Vulnerability
Published: Mon Mar 02 2026 (03/02/2026, 00:00:00 UTC)
Source: CVE Database V5

Description

In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/09/2026, 17:25:12 UTC

Technical Analysis

CVE-2025-58107 is a vulnerability identified in Microsoft Exchange servers through 2019 that utilize Exchange ActiveSync (EAS) configurations for on-premises deployments. The flaw allows sensitive data transmitted from Samsung mobile devices to be sent in cleartext over the network. This data includes the user's name, email address, device ID, bearer token, and base64-encoded password, which are critical credentials and identifiers that could be intercepted by attackers. The vulnerability arises due to improper handling of encryption protocols or misconfiguration in the EAS implementation, leading to the exposure of sensitive information during transmission. The CVSS 3.1 score of 7.5 reflects a high severity, with an attack vector that is network-based (AV:N), requiring no privileges (PR:N) or user interaction (UI:N), and impacting confidentiality (C:H) without affecting integrity or availability. The vulnerability is categorized under CWE-319, indicating cleartext transmission of sensitive information. Although no public exploits have been reported, the risk is considerable given the sensitive nature of the data exposed and the widespread use of Microsoft Exchange and Samsung devices in enterprise environments. This vulnerability could be leveraged by attackers performing man-in-the-middle (MitM) attacks or network eavesdropping to harvest credentials and session tokens, potentially leading to unauthorized access or further compromise.

Potential Impact

The primary impact of CVE-2025-58107 is the compromise of confidentiality due to the exposure of sensitive user data transmitted in cleartext. Attackers intercepting this data could gain access to user credentials, session tokens, and device identifiers, enabling unauthorized access to corporate email accounts and potentially lateral movement within an organization's network. This could lead to data breaches, espionage, and disruption of business operations. The vulnerability does not affect data integrity or availability directly but significantly increases the risk of account compromise and subsequent attacks. Organizations relying on on-premises Microsoft Exchange servers with EAS configurations and Samsung mobile devices are particularly vulnerable. The exposure of bearer tokens and passwords in cleartext also raises the risk of credential theft and replay attacks. Given the network-based attack vector and lack of required privileges or user interaction, exploitation could be automated and widespread if attackers gain network access. The absence of known exploits in the wild currently reduces immediate risk but does not diminish the potential for future attacks.

Mitigation Recommendations

To mitigate CVE-2025-58107, organizations should:

1) Apply any patches or updates released by Microsoft addressing this vulnerability as soon as they become available.
2) Enforce the use of secure transport protocols such as TLS 1.2 or higher for all Exchange ActiveSync communications to ensure encryption of data in transit.
3) Review and harden Exchange server configurations to disable any fallback to unencrypted or weakly encrypted protocols.
4) Implement network segmentation and monitoring to detect unusual traffic patterns or potential man-in-the-middle attacks targeting EAS traffic.
5) Encourage or enforce the use of updated Samsung device firmware and security patches that may address client-side aspects of this vulnerability.
6) Consider deploying multi-factor authentication (MFA) for Exchange access to reduce the impact of credential compromise.
7) Conduct regular security audits and penetration testing focused on Exchange ActiveSync configurations and mobile device integrations.
8) Educate users about the risks of using unsecured networks and encourage the use of VPNs when accessing corporate resources remotely.

These measures collectively reduce the risk of exploitation and limit the exposure of sensitive data.
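
As an added example (not part of the original page or of any vendor tooling), the script below supports recommendations 2 to 4 by scanning IIS W3C logs for ActiveSync requests that arrived on a non-TLS port. The log lines are constructed, the function name and sample values are illustrative, and it assumes TLS terminates on IIS at port 443.

```python
"""Flag Exchange ActiveSync (EAS) requests that IIS logged on a non-TLS port."""
from urllib.parse import parse_qs

EAS_PATH = "/microsoft-server-activesync"  # EAS virtual directory, lower-cased

# Constructed sample in IIS W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2026-03-03 08:15:02 10.0.0.5 POST /Microsoft-Server-ActiveSync Cmd=Sync&User=alice&DeviceId=SEC1A2B3C&DeviceType=SamsungDevice 80 CONTOSO\\alice 198.51.100.7 Android-SAMSUNG-SM-G991B/101.14 200
2026-03-03 08:15:09 10.0.0.5 POST /Microsoft-Server-ActiveSync Cmd=Ping&User=bob&DeviceId=APPL9Z8Y7X&DeviceType=iPhone 443 CONTOSO\\bob 198.51.100.9 Apple-iPhone/1905.258 200
2026-03-03 08:16:40 10.0.0.5 POST /Microsoft-Server-ActiveSync Cmd=FolderSync&User=carol&DeviceId=SEC4D5E6F&DeviceType=SamsungDevice 80 - 203.0.113.20 Android-SAMSUNG-SM-S918B/101.14 401
2026-03-03 08:17:00 10.0.0.5 GET /owa/ - 80 - 203.0.113.21 Mozilla/5.0 302
"""


def cleartext_eas_requests(log_text, tls_ports=frozenset({"443"})):
    """Return one dict per EAS request whose s-port is not in tls_ports."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # skip truncated or malformed rows
        row = dict(zip(fields, values))
        if row.get("cs-uri-stem", "").lower() != EAS_PATH:
            continue
        if row.get("s-port") in tls_ports:
            continue  # assumption: these ports are HTTPS bindings
        query = parse_qs(row.get("cs-uri-query", ""))
        hits.append({
            "time": f'{row.get("date")} {row.get("time")}',
            "client": row.get("c-ip"),
            "user": query.get("User", [row.get("cs-username", "-")])[0],
            "device_id": query.get("DeviceId", ["-"])[0],
            "device_type": query.get("DeviceType", ["-"])[0],
            "status": row.get("sc-status"),
        })
    return hits


if __name__ == "__main__":
    for hit in cleartext_eas_requests(SAMPLE_LOG):
        print(hit)
```

If TLS is offloaded at a load balancer or reverse proxy, run the same check against that device's logs, since port 80 on the IIS side then says nothing about the client leg.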


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-08-25T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 69a5c4fdb6c0d8506fa86d55

Added to database: 3/2/2026, 5:12:29 PM

Last enriched: 3/9/2026, 5:25:12 PM

Last updated: 4/16/2026, 11:13:32 AM
