Microsoft Releases Advisory for High-Severity Security Flaw in Exchange Server
Microsoft has issued an alert for a critical security vulnerability affecting on-premise versions of Exchange Server that could enable an attacker to elevate privileges in specific scenarios.
The flaw, identified as CVE-2025-53786, has been assigned a CVSS score of 8.0. Outsider Security’s Dirk-jan Mollema is credited with discovering the vulnerability.
“In an Exchange hybrid deployment, an attacker who gains administrative control over an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable traces,” Microsoft mentioned in the advisory.
Exploiting the vulnerability could lead to privilege escalation within the organization’s cloud environment, with the attacker needing administrator access to an Exchange Server.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also highlighted the impact of the vulnerability on an organization’s Exchange Online service if left unpatched.
Customers are advised to review Exchange Server security changes for hybrid deployments, install the April 2025 Hot Fix or newer, and follow the configuration instructions provided by Microsoft to mitigate the risk.
Additionally, Microsoft announced temporary measures to enhance the security posture of hybrid environments by blocking Exchange Web Services (EWS) traffic using the Exchange Online shared service principal.
The emergence of CVE-2025-53786 coincides with CISA’s analysis of malicious artifacts associated with recently disclosed SharePoint vulnerabilities, known as ToolShell.
CISA recommends disconnecting public-facing Exchange Server or SharePoint Server instances that have reached end-of-life from the internet and discontinuing the use of outdated versions to prevent potential exploits.
