Microsoft has announced a high-severity vulnerability in on-premises versions of Exchange Server, identified as CVE-2025-53786, with a CVSS score of 8.0. The issue enables an attacker who already holds administrator access to an on-premises server to potentially escalate privileges in the connected Exchange Online environment without leaving traces. CISA warned that, left unaddressed, this could affect the identity integrity of an organization's Exchange Online service. Recommendations include reviewing the Exchange Server security changes for hybrid deployments, applying the relevant fixes, and resetting service principal credentials if hybrid configurations are no longer in use.
In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could escalate privileges within the organization's connected cloud environment without leaving easily detectable and auditable traces.
CISA stated that the vulnerability could impact the identity integrity of an organization's Exchange Online service if left unpatched.
Customers are advised to review the Exchange Server security changes for hybrid deployments, install the April 2025 Hotfix, and follow the accompanying configuration instructions.
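As an added example that is not part of the article or Microsoft's guidance, the following Microsoft Graph PowerShell snippet audits the keyCredentials on the tenant's Exchange Online service principal, which is where a legacy hybrid configuration leaves the shared credential the article refers to. It assumes the Microsoft Graph PowerShell SDK is installed, that the account used can read service principals, and that the well-known Office 365 Exchange Online application id shown below matches your tenant (verify it before relying on it).

```powershell
# Added example: review credentials left on the Exchange Online service
# principal by a hybrid deployment. Read-only scope; clearing is opt-in below.
Connect-MgGraph -Scopes 'Application.Read.All'

# Assumption: first-party "Office 365 Exchange Online" application id.
$exoAppId = '00000002-0000-0ff1-ce00-000000000000'
$sp = Get-MgServicePrincipal -Filter "appId eq '$exoAppId'"

if (-not $sp) {
    Write-Warning 'Exchange Online service principal not found in this tenant.'
    return
}

$creds = @($sp.KeyCredentials)
if ($creds.Count -eq 0) {
    Write-Output 'No keyCredentials present on the Exchange Online service principal.'
} else {
    Write-Output "Found $($creds.Count) keyCredential(s); confirm whether hybrid is still in use:"
    $creds |
        Select-Object DisplayName, Type, Usage, StartDateTime, EndDateTime, KeyId |
        Format-Table -AutoSize
}

# Only after confirming the legacy hybrid configuration is decommissioned (or
# migrated per Microsoft's hybrid security guidance), the credentials can be
# removed. Requires the Application.ReadWrite.All scope. Left commented out:
# Update-MgServicePrincipal -ServicePrincipalId $sp.Id -KeyCredentials @()
```

Run the audit first and record the output; clearing the credentials while hybrid mail flow or free/busy still relies on them will break that integration.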