New Microsoft Exchange Vulnerability Could Allow Hackers to Gain Total Control

A high-severity vulnerability in Microsoft Exchange has been discovered that could allow attackers to pivot from an on-premises deployment to the connected cloud environment and gain total control of the system. The vulnerability, tracked as CVE-2025-53786, affects vulnerable hybrid-joined configurations: an attacker who already holds administrative privileges on the on-premises server can use it to escalate those privileges into the cloud environment.

Microsoft has not seen evidence of exploitation, but CISA urged users of on-premises Exchange servers to apply the April 2025 hotfix updates. Organizations should disconnect internet-connected Microsoft Exchange Server and SharePoint Server instances that have reached end-of-life status.

The company plans to temporarily block Exchange Web Services traffic that flows through its shared service principal. It encourages customers to migrate to its Exchange Hybrid app, which offers “rich coexistence” between the cloud and on-premises products.

CISA’s acting executive assistant director, Chris Butera, stated that all organizations should implement Microsoft guidance to reduce risk. The agency is urging federal civilian agencies to take immediate action and implement the recommended vendor guidance by Monday.

This vulnerability highlights the importance of operational collaboration in securing critical infrastructure. CISA and Microsoft’s teamwork has set a precedent for addressing vulnerabilities and reducing risks.

Source: https://www.cybersecuritydive.com/news/cisa-microsoft-warn-about-new-microsoft-exchange-server-vulnerability/757022