Microsoft warns of serious vulnerability in hybrid Exchange deployments

Microsoft has issued a warning about a high-severity vulnerability in hybrid Microsoft Exchange Server deployments. Tracked as CVE-2025-53786, the vulnerability could allow for privilege escalation by cyber threat actors with administrative access to an on-premise Microsoft Exchange server. Although there is not currently any indication of active exploitation, the issue is considered extremely serious and requires immediate attention. The vulnerability was discovered some time ago, as is clear from the announcement made by Microsoft. In an advisory posted to MSRC, the company says: On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot… [Continue Reading]