US Cyber Agency Warns of New Microsoft Exchange Vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert over a newly disclosed high-severity vulnerability in Microsoft Exchange Server, known as CVE-2025-53786. This vulnerability allows a cyber threat actor with administrative access to escalate privileges and impact the identity integrity of an organization’s Exchange Online service.

CISA strongly urges organizations to follow Microsoft guidance on this issue to mitigate the risk, although it has not yet observed any active exploitation of the vulnerability.

Microsoft has announced plans to temporarily block Exchange Web Services traffic that uses a shared service principal, as part of a phased strategy to make customer environments more secure.

At the Black Hat hacking conference in Las Vegas, a researcher from Outsider Security demonstrated how the shared service principal can be exploited. Microsoft was informed of the presentation's contents three weeks prior and issued mitigation guidance.

CISA recommends that entities disconnect from the internet any public-facing versions of Exchange Server or SharePoint Server that have reached their end-of-life (EOL) or end-of-service.

In a separate development, Microsoft has announced Project Ire, an autonomous AI agent that can analyze and classify malware without assistance. This technology uses advanced language models and decompilers to determine whether software is malicious or not. According to Microsoft, this system has a 0.08 precision rate using public datasets of Windows drivers.

Source: https://www.forbes.com/sites/daveywinder/2025/08/10/cisa-issues-urgent-microsoft-cve-2025-53786-security-warning