ProxyShell Exploit Chain

Security Update News

Update Information

Title: ProxyShell Exploit Chain
Update ID: AKB:116FDAE6-8C6E-473E-8D39-247560D01C09
Type: attackerkb
Published: 2025-05-05T00:00:00
Last Updated: 2025-05-05T00:00:00

Security Impact

CVSS Score: 9.1
Severity: CRITICAL
Attack Vector: NETWORK

Affected CVEs

  • CVE-2021-31207
  • CVE-2021-34473
  • CVE-2021-34523

Update Details

ProxyShell is an exploit chain targeting on-premises installations of Microsoft Exchange Server. It was demonstrated by Orange Tsai at Pwn2Own in April 2021 and comprises three CVEs that, when chained, allow a remote unauthenticated attacker to execute arbitrary code on vulnerable targets. The three CVEs are CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207.

Details are available in Orange Tsai’s Black Hat USA 2020 talk and follow-on blog series. ProxyShell is being broadly exploited in the wild as of August 12, 2021.

**Recent assessments:**

**ccondon-r7** at August 12, 2021 9:19pm UTC reported:

Check out the Rapid7 analysis for details on the exploit chain. Seems like a lot of the PoC implementations so far are using admin mailboxes, but I’d imagine folks are going to start finding ways around that soon.

**cbeek-r7** at November 22, 2024 9:12am UTC reported:

Check out the Rapid7 analysis for details on the exploit chain. Seems like a lot of the PoC implementations so far are using admin mailboxes, but I’d imagine folks are going to start finding ways around that soon.

Assessed Attacker Value: 5
Assessed Attacker Value: 4
