
CISA Warns of High-Severity Microsoft Exchange Hybrid Vulnerability

Act now to protect your hybrid Exchange deployments. CISA urges swift action to prevent potential domain compromise.


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive, warning of a high-severity vulnerability, CVE-2025-53786, in Microsoft 365 Exchange hybrid deployments. This flaw can be exploited by attackers to escalate privileges and potentially compromise entire domains.

Dirk-jan Mollema from Outsider Security discovered the vulnerability, which affects Exchange Server and Exchange Online in hybrid configurations that share the same service principal. Microsoft has addressed the issue in Exchange Server 2016, 2019, and Subscription Edition RTM through an April 2025 hotfix.

To mitigate the risk, organizations should follow Microsoft's guidance. Key steps include applying the hotfix, configuring a dedicated hybrid app, cleaning up service principals, and running the Exchange Health Checker. CISA urges swift action to prevent potential domain compromise.

CISA's emergency directive highlights the persistent threat to Microsoft 365 Exchange systems, with threat actors frequently exploiting Microsoft Exchange Server vulnerabilities. Although Microsoft is not aware of any attacks exploiting CVE-2025-53786 in the wild, organizations must remain vigilant and promptly address this high-severity flaw to ensure the security of their hybrid deployments.
