PT-2025-32193 · Microsoft · Exchange Server

Credited researcher: Dirk-Jan Mollema (+1)

Published: 2025-04-18 · Updated: 2025-11-15 · CVE-2025-53786

CVSS v3.1: 8.0
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server versions prior to the April 2025 Hot Fix

Description: A critical vulnerability (CVE-2025-53786) exists in Microsoft Exchange Server hybrid deployments. It allows an attacker who already holds administrative access to an on-premises Exchange server to escalate privileges and potentially compromise the connected cloud environment. The root cause is a service principal shared between on-premises Exchange and Exchange Online: with it, an attacker can forge tokens that the cloud trusts, gaining access without generating logs. Over 29,000 Exchange servers were reported as unpatched, posing a significant risk. CISA issued an emergency directive requiring federal agencies to patch the vulnerability by August 11, 2025. The vulnerability allows for silent cloud access and potential domain compromise.

Recommendations: Apply the April 2025 Hot Fix or later to all affected Exchange Server deployments. Implement the changes outlined in the April 18, 2025, Microsoft security guidance. For hybrid deployments, reconfigure to use a dedicated hybrid application instead of the shared service principal. Reset the service principal credentials. Run the Exchange Health Checker to verify the resulting configuration.

Fix

RCE

LPE

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-09477
CVE-2025-53786

Affected Products

Exchange Server