Microsoft Exchange customers have been warned about a new high-severity vulnerability, which could allow an attacker to escalate privileges within an organization’s connected cloud environment.
The vulnerability (CVE-2025-53786) has a CVSS score of 8.0 and affects on-premises Microsoft Exchange Server versions that are configured in a hybrid deployment with Exchange Online.
Successful exploitation requires an attacker to first gain or possess administrator access on an Exchange Server in an Exchange hybrid deployment.
Once that access is gained, a threat actor can leverage the improper authentication flaw to achieve total domain compromise of an organization’s hybrid cloud and on-premises environments without leaving easily detectable and auditable traces, Microsoft warned in a security update on August 6. The underlying weakness is that a classic hybrid configuration has on-premises Exchange and Exchange Online share the same service principal, so credentials held by the on-premises server are trusted on the cloud side as well.
There have been no known exploitation attempts at the time of disclosure, but the tech giant warned that such activity is likely to occur.
Exchange Customers Urged to Take Action
Microsoft urged customers to implement measures set out in its Exchange Server Security Changes for Hybrid Deployments update, published in April 2025, and accompanying non-security Hot Fix.
“Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment,” the firm wrote.
These changes apply specifically to Exchange Server hybrid deployments.
Users who have previously configured Exchange hybrid or OAuth authentication between Exchange Server and their Exchange Online organization should, after deploying the dedicated Exchange hybrid app described in the April guidance, reset the shared service principal’s keyCredentials so that certificates registered by the on-premises server are no longer trusted by Exchange Online.
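The following PowerShell check is an added example, not Microsoft’s own ConfigureExchangeHybridApplication.ps1 script. It queries the tenant with the Microsoft Graph PowerShell SDK for the Exchange Online first-party service principal (well-known appId 00000002-0000-0ff1-ce00-000000000000) and reports whether it still carries keyCredentials, which is what the shared-principal hybrid configuration adds and what the guidance says to reset. Assumptions: the Graph SDK is installed, the signed-in account can consent to Application.Read.All, and the function name is the author’s own.

```powershell
# Added audit example; not Microsoft's remediation script.
# Requires: Install-Module Microsoft.Graph (assumption: already installed).
function Test-SharedExchangeServicePrincipalKeyCredentials {
    [CmdletBinding()]
    param(
        # Well-known appId of the Office 365 Exchange Online first-party application.
        [string]$ExchangeOnlineAppId = "00000002-0000-0ff1-ce00-000000000000"
    )

    # Read-only scope is enough to inspect service principals.
    Connect-MgGraph -Scopes "Application.Read.All" -NoWelcome

    $sp = Get-MgServicePrincipal -Filter "appId eq '$ExchangeOnlineAppId'"
    if (-not $sp) {
        Write-Warning "No Exchange Online service principal found in this tenant."
        return $null
    }

    $creds = @($sp.KeyCredentials)
    $result = [pscustomobject]@{
        ServicePrincipalId = $sp.Id
        KeyCredentialCount = $creds.Count
        KeyCredentials     = $creds | Select-Object DisplayName, KeyId, StartDateTime, EndDateTime, Usage, Type
    }

    if ($creds.Count -eq 0) {
        Write-Output "OK: the shared Exchange Online service principal has no keyCredentials."
    } else {
        # Any remaining certificate here is still trusted for the shared principal.
        Write-Warning ("Found {0} keyCredential(s) on the shared service principal. " +
                       "Deploy the dedicated hybrid app first, then reset these per Microsoft's guidance.") -f $creds.Count
        $result.KeyCredentials | Format-Table -AutoSize
    }
    return $result
}

# Usage:
# Test-SharedExchangeServicePrincipalKeyCredentials
```

Run it before and after following the April 2025 guidance: a non-zero count after the dedicated hybrid app is in place means the keyCredentials reset step has not been completed. Do not remove the credentials by hand before the dedicated app is deployed, since the existing hybrid features still depend on them until then.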
The US Cybersecurity and Infrastructure Security Agency (CISA) published an alert on the disclosure, warning that the vulnerability could impact the identity integrity of an organization’s Exchange Online service.
In addition to the remediation steps outlined by Microsoft, CISA recommends that organizations disconnect public-facing versions of Exchange Server or SharePoint Server that have reached their end-of-life (EOL) or end-of-service from the internet.
“SharePoint Server 2013 and earlier versions are EOL and should be discontinued if still in use,” the agency noted.