Microsoft has issued a security advisory warning customers of a high-severity vulnerability in hybrid Exchange deployments that could allow attackers to escalate privileges in Exchange Online cloud environments undetected. The vulnerability, tracked as CVE-2025-53786, affects Exchange Server 2016 and Exchange Server 2019, as well as Microsoft Exchange Server Subscription Edition.
In a hybrid deployment, on-premises Exchange servers and Exchange Online share the same service principal for server-to-server authentication. An attacker who already holds administrative access to an on-premises Exchange server can abuse that shared identity to forge or manipulate tokens and API calls that Exchange Online trusts, and because those actions arrive under a legitimate principal they leave little trace in cloud-side audit logs, making the activity hard to detect or attribute.
Microsoft rates the flaw “Exploitation More Likely” on its exploitability index, and CISA has issued a separate advisory urging network defenders to secure Exchange hybrid deployments by installing Microsoft's April 2025 Exchange Server Hotfix Updates and then deploying the dedicated Exchange hybrid app, which replaces the shared service principal. CISA warns that failure to take these steps could allow an attacker to achieve total compromise of both the hybrid cloud and on-premises domains.
With both financially motivated and state-sponsored actors routinely targeting Exchange, organizations should keep on-premises servers on the latest supported Cumulative Update (CU) with current hotfixes applied, confirm the dedicated hybrid app is actually in use, and monitor for signs of compromise on the on-premises side, since that is where this attack chain begins.
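The following check is an added example written for this page, not code from the article, Microsoft or CISA. It is intended to be run in the Exchange Management Shell on an on-premises Exchange 2016/2019/SE server and covers the two mitigation steps above: inventory the installed build on every server and check whether the dedicated Exchange hybrid app has been configured. The `*HybridApplication*` name pattern used to find the setting override is an assumption and should be confirmed against Microsoft's "Deploy dedicated Exchange hybrid app" documentation; build numbers are deliberately not hardcoded because the April 2025 HU build differs per CU.

```powershell
# Added example (not from the article or Microsoft). Run in the Exchange Management Shell.

# 1. Inventory every Exchange server and its build. Compare AdminDisplayVersion with the
#    April 2025 Hotfix Update (or later) build for your CU from Microsoft's Exchange
#    build-number table; anything older has not received the hybrid app support.
Get-ExchangeServer |
    Sort-Object Name |
    Format-Table Name, ServerRole, AdminDisplayVersion -AutoSize

# 2. Check whether the dedicated hybrid app has been switched on. Microsoft's script records
#    this as a setting override; the name pattern below is an assumption, so verify it
#    against the current guidance.
$override = Get-SettingOverride -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like '*HybridApplication*' }

if ($override) {
    "Dedicated hybrid app override present: $($override.Name -join ', ')"
} else {
    "No dedicated hybrid app override found: this org still relies on the shared service principal."
}

# 3. Show the auth server entries, including the application identifier the on-premises
#    side trusts for Exchange Online. Compare ApplicationIdentifier with what Microsoft's
#    guidance says it should hold once the dedicated app is deployed.
Get-AuthServer |
    Format-List Name, Type, IssuerIdentifier, ApplicationIdentifier, Enabled

# 4. If the hotfix is installed but the app is not configured, run Microsoft's script from
#    the Exchange scripts folder. It needs admin rights in both the on-premises org and the
#    Entra ID tenant, and it is shown here as a comment so this check stays read-only:
#    Set-Location $exscripts
#    .\ConfigureExchangeHybridApplication.ps1 -FullyConfigureExchangeHybridApplication
```

Run the read-only checks (steps 1 to 3) on every server in the hybrid org before making changes; the configuration script in step 4 should be run once per organization after the build inventory confirms the hotfix is present everywhere. Organizations that once configured hybrid but no longer use it should also follow Microsoft's service principal clean-up guidance rather than leaving the shared principal in place.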
Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-high-severity-flaw-in-hybrid-exchange-deployments