Start your free trial today.

Protect your organization with cutting-edge cybersecurity solutions designed for resilience and efficiency. Secure your digital assets with confidence.

Your Shield Against Threats

Unleash the Power of Cybersecurity

Boost Your Security, Enhance Your Business

We solve Your Cyber Challenges

Quick Links

Resources

Deepaegis Portals

Privilege Escalation in Microsoft Exchange Hybrid Deployment

CVSS SCORE:9.8

TLP:White

CVE ID:CVE-2025-53786

SEVERITY:Critical

Type:Privilege Escalation

Vendor:Microsoft

Reporter:Microsoft

Exploitable?No

Summary

A critical vulnerability (CVE-2025-53786) affects Microsoft Exchange hybrid deployments.

Impact

Successful exploitation allows privilege escalation from on-premises Exchange Server to Exchange Online without leaving easily auditable traces. This could result in full compromise of cloud-hosted mailboxes and services.

Affected Products

Microsoft Exchange Server

Affected Version: Exchange Server 2016 CU23

CVSS Metrics

Source: NVD

version3.1

vectorStringCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

baseScore9.8

baseSeverityCRITICAL

attackVectorNETWORK

attackComplexityLOW

privilegesRequiredHIGH

userInteractionNONE

scopeCHANGED

confidentialityImpactHIGH

integrityImpactHIGH

availabilityImpactHIGH

Exploitability Score3.9

Impact Score5.9

CWE Information

Source: MITRE,Type: Weakness

Action Information

Remediation: Install the latest hotfix for Exchange Server.

Patch and Mitigation Information

Patch Information

Hotfixes available for Exchange Server 2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM

Temporary Fixes / Workarounds

No temporary fixes provided

Recommended Security Measures

Isolate Exchange servers from public internet

Detection Methods

Run Microsoft Exchange Health Checker

Date Of Vendor Response

7/28/2025

Date Of Patch Release

7/28/2025

Additional Information

References

:https://www.microsoft.com/en/security/blog

Affected Organizations

No affected organizations specified

Confidentiality Notice

This document contains sensitive information. Unauthorized distribution is prohibited.

Vulnerability Advisory

Published 8/6/2025

Updated 8/6/2025