Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment
Microsoft on Wednesday informed organizations about a high-severity vulnerability affecting hybrid deployments of Exchange Server.
According to Microsoft, the vulnerability, tracked as CVE-2025-53786, can be exploited by an attacker to escalate privileges.
“In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace,” Microsoft explained. “This risk arises because Exchange Server and Exchange Online share the same service principal in hybrid configurations.”
The issue, reported by Dirk-jan Mollema of Outsider Security, has been patched in Exchange Server 2016, 2019 and Subscription Edition RTM.
Microsoft’s advisory indicates that the vulnerability has not been exploited in the wild, but its exploitability assessment is ‘exploitation more likely’.
CISA has also published an alert for CVE-2025-53786, saying that, while Microsoft has not seen any in-the-wild attacks, organizations are strongly urged to implement patches and mitigations “or risk leaving the organization vulnerable to a hybrid cloud and on-premises total domain compromise”.
Microsoft on Wednesday also published a blog post to remind customers about recently announced changes to Exchange hybrid environments.
“Starting in August 2025, we will begin temporarily blocking Exchange Web Services (EWS) traffic using the Exchange Online shared service principal (which is by default used by some coexistence features in hybrid scenarios),” the company explained.
It added, “This is a part of a phased strategy to speed up customer adoption of the dedicated Exchange hybrid app and making our customers’ environments more secure.”
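The root of the weakness Microsoft describes above is that on-premises Exchange authenticates to the cloud with certificates bound to the shared first-party service principal, so those certificates are the concrete thing an administrator should inventory while moving to the dedicated hybrid app. The following PowerShell is an added example, not code from the article, from Microsoft or from CISA: it lists the key credentials on the shared “Office 365 Exchange Online” service principal in a tenant using the Microsoft.Graph SDK. It assumes the SDK is installed, that the caller can consent to the Application.Read.All scope, and that the well-known first-party app ID 00000002-0000-0ff1-ce00-000000000000 identifies that principal (the article does not state the ID; it is taken from general knowledge of Microsoft first-party apps).

```powershell
# Added example (not from the article, Microsoft or CISA): inventory the
# certificates that on-premises Exchange has registered on the shared
# Exchange Online service principal in an Entra ID tenant.
# Requires the Microsoft.Graph PowerShell SDK and Application.Read.All.

# Assumption: well-known first-party app ID for "Office 365 Exchange Online".
$ExchangeOnlineAppId = '00000002-0000-0ff1-ce00-000000000000'

function Get-SharedExchangeServicePrincipalCredentials {
    param([string]$AppId = $ExchangeOnlineAppId)

    Connect-MgGraph -Scopes 'Application.Read.All' -NoWelcome

    $sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
    if (-not $sp) {
        throw "Service principal for appId $AppId was not found in this tenant."
    }

    # Every key credential here is a certificate that can authenticate as the
    # shared identity. In a hybrid deployment these are normally the OAuth
    # certificates uploaded from on-premises Exchange servers.
    foreach ($cred in $sp.KeyCredentials) {
        [pscustomobject]@{
            DisplayName = $cred.DisplayName
            KeyId       = $cred.KeyId
            Type        = $cred.Type
            Usage       = $cred.Usage
            NotBefore   = $cred.StartDateTime
            NotAfter    = $cred.EndDateTime
            Expired     = ($cred.EndDateTime -lt (Get-Date))
        }
    }
}

$creds = @(Get-SharedExchangeServicePrincipalCredentials)

if ($creds.Count -eq 0) {
    Write-Host 'No key credentials are bound to the shared Exchange Online service principal.'
} else {
    Write-Host "$($creds.Count) key credential(s) are still bound to the shared service principal:"
    $creds | Format-Table -AutoSize
    Write-Host 'Confirm each entry maps to a current on-premises Exchange server.'
    Write-Host 'Entries you cannot account for, or that remain after the dedicated hybrid app is in use, are standing cloud access for anyone who holds that certificate.'
}
```

Run it from a workstation with Graph access; it only reads and never modifies the principal. The output is the list of certificates that, per Microsoft’s description, let an on-premises administrator act as Exchange Online in the tenant, which is why the inventory belongs on an incident-response checklist as much as on a migration plan. Do not delete entries by hand while hybrid features still depend on the shared principal, since coexistence features such as free/busy lookups authenticate through it; use Microsoft’s published hybrid-app migration and clean-up guidance for the actual switch-over.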
It’s not uncommon for threat actors to target Exchange Server instances. CISA’s Known Exploited Vulnerabilities catalog currently includes 17 Exchange flaws exploited since 2018.
The article was originally published by SecurityWeek. Please check their website for the original content.