- Microsoft finds a high-severity flaw in hybrid Exchange deployments
- Exchange Server 2016 and Exchange Server 2019 are affected, as is Microsoft Exchange Server Subscription Edition
- A hotfix is available, so users should update now
Microsoft has urged its customers to be on alert after discovering a dangerous vulnerability in hybrid Exchange deployments.
Microsoft describes the problem as an "improper authentication" bug, tracked as CVE-2025-53786 with a CVSS score of 8.0/10 (high). Threat actors who already hold administrative access to an on-premises Exchange server can use the vulnerability to escalate privileges in the connected Exchange Online environment, because of trust weaknesses in how the shared service principal is configured.
Things could be even worse, because activity on the on-premises Exchange server does not always generate logs in Microsoft 365 that correspond to the malicious behaviour, so an attack could go undetected by cloud-based auditing.
“Commercial information accessible to the public”
A Microsoft Exchange hybrid deployment combines on-premises Exchange servers with Exchange Online in Microsoft 365, allowing them to work together as a single system. It lets organizations manage email, calendars and shared contacts seamlessly across both environments.
"In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization's connected cloud environment without leaving easily detectable and auditable traces," Microsoft said.
Exchange Server 2016 and Exchange Server 2019 are affected, as is Microsoft Exchange Server Subscription Edition.
Although there is no evidence of abuse in the wild yet, Microsoft has urged its customers to apply the April 2025 Hot Fix, move to the dedicated Exchange hybrid app, and reset the shared service principal's credentials (its keyCredentials) to mitigate the risk.
At the same time, the US Cybersecurity and Infrastructure Security Agency (CISA) also published an advisory, urging IT teams, in addition to applying the hotfix, to review Microsoft's Service Principal Clean-Up Mode and then run the Microsoft Exchange Health Checker.
Failing to do so could result in a "hybrid cloud and on-premises total domain compromise", CISA warned.
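The mitigation sequence above, as an added example written for this page rather than code from the article, Microsoft or CISA: a PowerShell checklist that an Exchange administrator would run from an elevated Exchange Management Shell on a hybrid server. It assumes Microsoft's CSS-Exchange scripts ConfigureExchangeHybridApplication.ps1 and HealthChecker.ps1 have been downloaded to C:\Scripts, that the two minimum build numbers are the April 2025 Hot Fix builds for the latest CU of each product line as I recall them from Microsoft's advisory (verify them there before relying on the check), and that the script parameter names are as documented in Microsoft's dedicated hybrid app guide (confirm with Get-Help before running).

```powershell
# Added example (not code from the article, Microsoft or CISA): walk an
# on-premises hybrid Exchange org through the CVE-2025-53786 mitigations in
# the order Microsoft and CISA give them. Run from an elevated Exchange
# Management Shell on a hybrid server.
#
# Assumptions (mine, not the article's):
#   - ConfigureExchangeHybridApplication.ps1 and HealthChecker.ps1 from
#     Microsoft's CSS-Exchange repository are in C:\Scripts.
#   - $MinimumBuild lists the April 2025 Hot Fix build for the latest CU of
#     each product line, as recalled from Microsoft's advisory. Verify them
#     there, and adjust if you are on an older supported CU (which has its
#     own fixed build) before trusting the version check.
#   - Script parameter names are as documented in Microsoft's dedicated
#     hybrid app guide; confirm with
#     Get-Help .\ConfigureExchangeHybridApplication.ps1 -Full

$ScriptDir = 'C:\Scripts'
$MinimumBuild = @{
    '15.1' = [version]'15.1.2507.55'   # Exchange 2016 CU23 + April 2025 HU (verify)
    '15.2' = [version]'15.2.1748.24'   # Exchange 2019 CU15 + April 2025 HU (verify)
}

# Step 1: confirm the April 2025 Hot Fix (or a later CU) is on every server.
# AdminDisplayVersion only reports the CU, not hotfixes, so read the
# ExSetup.exe file version on each server instead.
$servers = Get-ExchangeServer | Select-Object -ExpandProperty Fqdn
$outOfDate = foreach ($fqdn in $servers) {
    $build = Invoke-Command -ComputerName $fqdn -ScriptBlock {
        (Get-Command ExSetup.exe).FileVersionInfo.ProductVersion
    }
    $v = [version]$build
    $key = "$($v.Major).$($v.Minor)"
    if ($MinimumBuild.ContainsKey($key) -and $v -lt $MinimumBuild[$key]) {
        [pscustomobject]@{ Server = $fqdn; Build = $v; Required = $MinimumBuild[$key] }
    }
}
if ($outOfDate) {
    $outOfDate | Format-Table -AutoSize
    throw 'Install the April 2025 Hot Fix (or a later CU) on the servers above before continuing.'
}

# Step 2: deploy the dedicated Exchange hybrid app, so on-premises servers
# stop authenticating to Exchange Online through the shared service principal.
& "$ScriptDir\ConfigureExchangeHybridApplication.ps1" -FullyConfigureExchangeHybridApplication

# Step 3: reset the shared service principal's keyCredentials. Do this only
# once step 2 is complete and mail flow/free-busy have been tested: the reset
# invalidates the certificate trust that classic hybrid still relies on.
& "$ScriptDir\ConfigureExchangeHybridApplication.ps1" -ResetFirstPartyServicePrincipalKeyCredentials

# Step 4 (CISA): run Health Checker and review its hybrid findings, including
# the Service Principal Clean-Up Mode guidance, to see whether work remains.
& "$ScriptDir\HealthChecker.ps1" -Server $env:COMPUTERNAME
```

The version check is deliberately placed first and aborts the run: deploying the hybrid app and resetting the keyCredentials on a server that has not received the hotfix leaves the flawed trust path in place, and the reset in step 3 is the one irreversible action here, so it sits after the dedicated app is in use rather than alongside it.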
Via BleepingComputer