Impact
The vulnerability is a user interface misrepresentation that lets an adversary spoof critical information displayed to users over the network. An unauthorized attacker can use it to impersonate legitimate communications or services, potentially misleading users into revealing credentials or taking actions they otherwise would not. The weakness is categorized as CWE-1286 (inconsistent interface semantics) alongside CWE-345 (boundary checking errors) and CWE-451 (information exposure). The impact is primarily on data integrity and user trust, which may lead to credential theft or manipulation of mail flows.
Affected Systems
Affected Microsoft Exchange Server products include Exchange Server 2016 Cumulative Update 23, Exchange Server 2019 Cumulative Updates 14 and 15, and the Subscription Edition Release To Manufacturing (RTM) version. The vulnerability is therefore relevant to any environment running one of those cumulative updates or the base Subscription Edition release.
Risk and Exploitability
The CVSS score of 6.5 indicates medium severity, but the EPSS score of less than 1% suggests that the likelihood of exploitation is currently very low. The flaw is not listed in the CISA KEV catalog, implying no known large-scale exploitation at present. However, the attack vector is inferred to be network-based, using normal traffic to the Exchange Server's web interface and requiring no elevated privileges. Because the flaw resides in the client-side UI, any user with access to the affected Exchange web portal could be deceived by the attacker.