PT-2025-32193 · Microsoft · Exchange Server
Credits: Dirk-Jan Mollema (+1)
Published 2025-04-18 · Updated 2026-02-27
CVE-2025-53786 · CVSS v3.1 8.0 High · AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server 2016, 2019 and Subscription Edition in hybrid deployments, at versions prior to the April 2025 Hot Fix Update. A server that has the update installed but still authenticates to Exchange Online through the shared service principal remains exposed until the configuration changes below are applied; the update alone does not remediate the issue.
Description: CVE-2025-53786 is a high-severity elevation-of-privilege vulnerability in Microsoft Exchange Server hybrid deployments. An attacker who already holds administrative access to an on-premises Exchange server can escalate into the organization's connected Exchange Online and Microsoft Entra tenant. The root cause is that the legacy hybrid configuration registers the on-premises OAuth certificate on a service principal shared between on-premises Exchange and Exchange Online, so tokens minted with that credential are trusted tenant-wide, and the resulting cloud activity leaves few easily detectable or auditable traces. Microsoft published the hot fix and the hybrid guidance on April 18, 2025; the CVE was assigned on August 6, 2025, after public research by Dirk-Jan Mollema. Shadowserver reported over 29,000 unpatched, internet-exposed Exchange servers, and on August 7, 2025 CISA issued Emergency Directive 25-02 requiring federal civilian agencies to complete mitigation by August 11, 2025. Microsoft rates exploitation as more likely.
Recommendations: Install the April 2025 Hot Fix Update, or a later CU/SU, on every on-premises Exchange server, then apply the changes in Microsoft's April 18, 2025 guidance "Exchange Server Security Changes for Hybrid Deployments": deploy the dedicated Exchange hybrid application (Microsoft's ConfigureExchangeHybridApplication.ps1 script) so hybrid authentication no longer uses the shared service principal; once the dedicated app is in use, reset the keyCredentials on the shared "Office 365 Exchange Online" service principal so the old on-premises certificates are no longer trusted tenant-wide; and run the Exchange Health Checker (HealthChecker.ps1) to confirm build levels and hybrid configuration. Installing the hot fix without the configuration changes leaves the shared trust in place. Exchange servers that are end-of-life or no longer serve mailboxes or hybrid functions should be disconnected rather than left online, since they retain the trusted credentials.
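The two checks a practitioner actually wants after working through those steps are (a) whether each server is at or beyond the April 2025 hot fix level and (b) whether the shared first-party service principal still carries on-premises certificates. The following is an added example written for this page; it is not Microsoft's guidance script, the Health Checker, or code from the advisory. It assumes it runs in the Exchange Management Shell on a hybrid server with the Microsoft.Graph.Applications module installed, and the build numbers in $MinimumBuilds are the author's assumption of what the April 2025 HU ships per CU line; verify them against Microsoft's published Exchange build table before relying on them.

```powershell
<#
  Added post-remediation check for CVE-2025-53786 (example code for this page; not
  Microsoft's ConfigureExchangeHybridApplication.ps1 nor HealthChecker.ps1).
  Assumptions: Exchange Management Shell on an on-premises hybrid server;
  Microsoft.Graph.Applications installed; $MinimumBuilds values are assumed and
  must be verified against Microsoft's Exchange build table.
#>
#Requires -Modules Microsoft.Graph.Applications

# Assumed April 2025 HU file versions of ExSetup.exe, one entry per supported CU line.
$MinimumBuilds = @(
    [version]'15.1.2507.55'   # Exchange 2016 CU23 (assumed)
    [version]'15.2.1544.25'   # Exchange 2019 CU14 (assumed)
    [version]'15.2.1748.24'   # Exchange 2019 CU15 (assumed)
)

# appId of the first-party "Office 365 Exchange Online" application. Legacy hybrid
# setup registers the on-premises OAuth certificate as a keyCredential on this
# tenant-wide service principal; that shared trust is what CVE-2025-53786 abuses.
$SharedExchangeOnlineAppId = '00000002-0000-0ff1-ce00-000000000000'

function Test-ExchangeBuild {
    param([Parameter(Mandatory)][version]$Build)
    # Within a known CU line (same major.minor.build) only the revision changes when
    # an HU/SU is installed, so compare revisions. A CU line newer than every table
    # entry (e.g. Exchange SE) shipped after the fix; an older line never received it.
    foreach ($min in $MinimumBuilds) {
        if ($Build.Major -eq $min.Major -and $Build.Minor -eq $min.Minor -and $Build.Build -eq $min.Build) {
            return ($Build.Revision -ge $min.Revision)
        }
    }
    $newest = $MinimumBuilds | Sort-Object | Select-Object -Last 1
    return ($Build -gt $newest)
}

function Get-LocalExchangeBuild {
    # Security and hot fix updates do not change AdminDisplayVersion in Active
    # Directory, so Get-ExchangeServer under-reports patch level. The ExSetup.exe
    # file version is the reliable indicator.
    $exsetup = Get-Command ExSetup.exe -ErrorAction Stop
    return [version]$exsetup.FileVersionInfo.FileVersion   # e.g. "15.02.1748.024"
}

function Get-SharedServicePrincipalKeyCredentials {
    # Any keyCredential left on the shared principal means on-premises certificates
    # are still trusted tenant-wide, i.e. the reset step has not been done (or a
    # legacy Hybrid Configuration Wizard run re-added them). Needs Application.Read.All.
    Connect-MgGraph -Scopes 'Application.Read.All' -NoWelcome
    $sp = Get-MgServicePrincipal -Filter "appId eq '$SharedExchangeOnlineAppId'"
    if (-not $sp) { throw "Shared Exchange Online service principal not found in this tenant" }
    return @($sp.KeyCredentials | Select-Object DisplayName, KeyId, StartDateTime, EndDateTime)
}

# --- run both checks on this server / tenant ---
$build   = Get-LocalExchangeBuild
$buildOk = Test-ExchangeBuild -Build $build
$verdict = if ($buildOk) { 'at or after April 2025 HU' } else { 'PRE-HU: install the update' }
"{0}: ExSetup.exe {1} -> {2}" -f $env:COMPUTERNAME, $build, $verdict

$keys = Get-SharedServicePrincipalKeyCredentials
if ($keys.Count -eq 0) {
    "Shared service principal has no keyCredentials: on-premises certificates are no longer trusted tenant-wide."
} else {
    "Shared service principal still trusts {0} on-premises certificate(s); finish the dedicated-app migration and reset these:" -f $keys.Count
    $keys | Format-Table -AutoSize
}
```

Run it on every on-premises Exchange server (or wrap Get-LocalExchangeBuild in Invoke-Command), because the build check is per server while the Graph check is per tenant. A clean result from both is necessary but not sufficient: it confirms the update is installed and the shared principal no longer trusts your certificates, but not that the dedicated hybrid app is actually being used for authentication, which is what the Health Checker and Microsoft's guidance cover.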

Tags: Fix · LPE · RCE
Weakness Enumeration: Improper Authentication (CWE-287)
Related Identifiers: BDU:2025-09477 · CVE-2025-53786
Affected Products: Exchange Server