This past weekend CISA issued warnings for Microsoft Exchange server (CVE-2025-53786.) As of right now there is no active exploitation of the server, however it is still at risk. Microsoft is urging organizations to follow the recommended protocols to ensure no one falls victim to this vulnerability.
What Happened?
Microsoft had noticed the vulnerability within the server back in April and applied a Hotfix in hopes to solve it. Though the issue has not been dealt with and there is still a vulnerability within the server. The main issue at hand is that within Hybrid environments, Exchange Server uses a certificate to authenticate Exchange Online – where a cybercriminal could pose a threat by gaining access through impersonating hybrid users. These bad actors could create tokens that provide up to 24-hours of access through requesting service tokens from Microsoft’s Access Control Service.
What Does This Mean?
If you are exposed to cybercriminals taking advantage of this vulnerability, you may fall victim to some attacks that can harm you and your organization.
- Full Cloud Account Takeover
- MFA & Conditional Access Bypass
- Data Theft & Espionage
What Steps Should You Take?
You may be asking what the next steps are to ensure you, your company, and/or your data are secured and protected. Here are a few recommendations on how to protect yourself:
- Upgrade to the latest version (Apply April 2025 Hotfix)
- Disconnect any End-Of-Life Exchange Servers
- Run an Exchange Health Checker