A new high-severity vulnerability in Exchange Server hybrid deployments, tracked as CVE-2025-53786, allows privilege escalation from an on-premises environment into the connected cloud tenant. It has not yet been seen exploited, but Microsoft rates exploitation as more likely than not. The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive requiring federal civilian agencies to address the issue by August 11. The vulnerability arises from the shared identity that on-premises Exchange servers and Exchange Online use to authenticate to each other, in a product that has already been the target of serious intrusions.
CVE-2025-53786 is an elevation of privilege bug that Outsider Security's Dirk-jan Mollema reported to Microsoft. It exists because of the way hybrid Exchange deployments, which connect on-premises Exchange servers to Exchange Online, use a shared identity (a single service principal trusted by both sides) to authenticate between the two environments. The practical consequence, per Microsoft's advisory, is that an attacker who already holds administrative access to an on-premises Exchange server can abuse that shared trust to escalate into the organization's cloud environment, and can do so without leaving the usual trail of cloud-side audit events.
While this latest security flaw, tracked as CVE-2025-53786, isn't under attack (yet), Microsoft deems 'exploitation more likely,' and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that the CVE can lead to 'hybrid cloud and on-premises total domain compromise.'
CISA on Thursday issued Emergency Directive 25-02, mandating federal civilian executive branch agencies fix the issue by August 11. All other organizations are strongly encouraged to follow Microsoft's guidance to reduce risk: install the April 2025 Exchange Server hotfix, move the hybrid deployment from the shared service principal to the dedicated Exchange hybrid app, and reset the credentials left on the shared service principal.
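The shared identity described above is what an administrator should audit first. The following PowerShell is an added example, not code from the article, from Microsoft's own remediation script, or from CISA. It queries the tenant through Microsoft Graph and lists any key credentials (certificates) still attached to the Exchange Online first-party service principal that hybrid deployments share; it assumes the Microsoft.Graph.Applications module is installed, that the signed-in account holds the Application.Read.All scope, and that the well-known application ID 00000002-0000-0ff1-ce00-000000000000 identifies Office 365 Exchange Online in the tenant.

```powershell
# Added example: audit key credentials on the shared Exchange Online
# service principal used by hybrid deployments. Not from the original
# article or from Microsoft's own hybrid configuration script.
# Assumptions: Microsoft.Graph.Applications is installed, the caller has
# Application.Read.All, and the app ID below is the Office 365 Exchange
# Online first-party application.

Import-Module Microsoft.Graph.Applications
Connect-MgGraph -Scopes 'Application.Read.All'

# Well-known first-party app ID for Office 365 Exchange Online.
$exoAppId = '00000002-0000-0ff1-ce00-000000000000'

$sp = Get-MgServicePrincipal -Filter "appId eq '$exoAppId'" `
        -Property @('id', 'displayName', 'keyCredentials')

if (-not $sp) {
    throw "Exchange Online service principal not found in this tenant."
}

Write-Host "Service principal: $($sp.DisplayName) ($($sp.Id))"

if (-not $sp.KeyCredentials -or $sp.KeyCredentials.Count -eq 0) {
    Write-Host 'No key credentials attached to the shared service principal.'
    return
}

# Each entry is a certificate that can authenticate as the shared identity.
# A hybrid deployment that has moved to the dedicated Exchange hybrid app
# and reset the service principal should normally show none here; anything
# listed (expired or not) deserves a look and, per Microsoft's guidance,
# a reset.
$now = Get-Date
$sp.KeyCredentials |
    Sort-Object EndDateTime |
    Select-Object KeyId, DisplayName, Type, Usage, StartDateTime, EndDateTime,
        @{ Name = 'Expired'; Expression = { $_.EndDateTime -lt $now } } |
    Format-Table -AutoSize
```

Run this from a workstation with the Graph SDK rather than from the Exchange server itself, and treat a non-empty list as a prompt to complete the dedicated hybrid app migration and the credential reset, not as proof of compromise: the credential is expected on tenants that have not yet finished the migration.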
An earlier 2023 Exchange Online intrusion gave China's Storm-0558 access to about 60,000 State Department emails and prompted the Cyber Safety Review Board investigation into Microsoft's security failings, which the CSRB attributed to a 'cascade of avoidable errors.'