PT-2025-32193 · Microsoft · Exchange Server

Dirk-Jan Mollema +1 · Published 2025-04-18 · Updated 2025-08-13 · CVE-2025-53786

CVSS v3.1: 8.0
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

Microsoft Exchange Server versions prior to the April 2025 Hot Fix.

**Description:**

A high-severity vulnerability exists in Microsoft Exchange Server hybrid deployments that could allow an attacker with administrative access to an on-premises Exchange server to escalate privileges and potentially compromise cloud environments. The vulnerability allows attackers to bypass authentication mechanisms and gain unauthorized access to Exchange Online. Exploitation may not generate logs, making detection difficult. Over 29,000 Exchange servers were reported as unpatched and vulnerable as of August 7, 2025. CISA issued an emergency directive requiring federal agencies to patch the vulnerability by August 11, 2025.

**Recommendations:**

Apply the April 2025 (or later) Hot Fix and implement the changes documented in the April 18, 2025 announcement. If you are running hybrid Exchange, rearchitect identity boundaries. Reset service principal credentials and run the Exchange Health Checker. If you are using hybrid Exchange solely for SMTP relay, recipient management, and migrations, run the mitigation script.

Fix

RCE

LPE

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-09477
CVE-2025-53786

Affected Products

Exchange Server