Microsoft has announced a critical vulnerability, CVE-2025-53786, affecting hybrid Exchange Server deployments. It could allow privilege escalation and the compromise of both on-premises and cloud environments. The flaw has not yet been exploited in the wild, but organizations are urged to apply patches as soon as possible to prevent potential total domain takeovers.
Key points
- Microsoft identified a high-severity vulnerability in hybrid Exchange Server environments.
- The flaw can be exploited to escalate privileges within connected cloud and on-premises systems.
- The vulnerability has been patched in Exchange Server 2016, 2019, and Subscription Edition RTM.
- Organizations are advised to implement patches and mitigations to prevent domain compromise.
- Microsoft plans to block Exchange Web Services traffic related to shared service principals starting August 2025.