More than 29,000 Exchange Servers Vulnerable Due to Unpatched High-Severity Security Flaw
Over 29,000 Microsoft Exchange servers remain unpatched against a high-severity vulnerability, tracked as CVE-2025-53786 (CVSS 8.0), which poses a significant risk of lateral movement from on-premises infrastructure into Microsoft cloud environments. The flaw stems from the shared service principal that Exchange Server and Exchange Online use for authentication in hybrid deployments: a threat actor who has already gained administrative access to an on-premises Exchange server can escalate privileges in the connected cloud environment by forging or manipulating tokens or API calls that Exchange Online trusts. Because that trust is legitimate from the cloud side, exploitation can occur without leaving easily detectable or auditable traces, complicating detection. CVE-2025-53786 affects Exchange Server 2016, Exchange Server 2019, and Microsoft Exchange Server Subscription Edition in hybrid configurations. Although Microsoft has not identified any evidence of active exploitation, it has rated the vulnerability “Exploitation More Likely” in its exploitability index, indicating that working exploit code could reasonably be developed, which makes it an attractive target for attackers.
Following the disclosure, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-02, requiring all Federal Civilian Executive Branch agencies to mitigate the risk by 11 August 2025. Agencies are required to inventory their Exchange environments using Microsoft’s Health Checker script and disconnect end-of-life, public-facing servers from the internet. Remaining servers must be brought to the latest cumulative update and then patched with Microsoft’s April 2025 hotfix, after which the dedicated Exchange hybrid application that the hotfix enables must be configured so that on-premises Exchange no longer shares a service principal with Exchange Online. CISA has warned that failure to address CVE-2025-53786 could lead to total domain compromise across hybrid cloud and on-premises environments. While non-government organisations are not obligated to comply with the directive, CISA has encouraged all organisations to implement the same measures to protect their systems.
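The directive’s inventory step is the Health Checker script (HealthChecker.ps1), which should be run as written. The PowerShell below is an added example from this editor, not code from the article, CISA or Microsoft: a quick pre-check that sorts each on-premises Exchange server into end-of-life, missing the April 2025 hotfix, or patched, by comparing its build number against the builds the hotfix installs. The build numbers in $PatchedBuilds and the constructed sample inventory are assumptions for illustration; confirm the builds against Microsoft’s published Exchange build-number table before acting on the output.

```powershell
# Added example (editor's own, not from the article, CISA or Microsoft).
# Classifies Exchange servers by whether they carry the April 2025 hotfix.
# The builds below are assumptions recalled from memory: verify them against
# Microsoft's Exchange build-number table before relying on this output.

# Assumed minimum builds carrying the April 2025 hotfix, keyed by the
# major.minor.build prefix that identifies product and cumulative update.
$PatchedBuilds = @{
    '15.1.2507' = [version]'15.1.2507.55'   # Exchange 2016 CU23 + April 2025 HU (assumed)
    '15.2.1544' = [version]'15.2.1544.25'   # Exchange 2019 CU14 + April 2025 HU (assumed)
    '15.2.1748' = [version]'15.2.1748.24'   # Exchange 2019 CU15 + April 2025 HU (assumed)
    '15.2.2562' = [version]'15.2.2562.17'   # Exchange Server SE RTM (assumed)
}

function ConvertFrom-AdminDisplayVersion {
    # Turn the Get-ExchangeServer display string "Version 15.2 (Build 1544.25)"
    # into a comparable [version] 15.2.1544.25.
    param([string]$Text)
    if ($Text -match 'Version (\d+)\.(\d+) \(Build (\d+)\.(\d+)\)') {
        return [version]('{0}.{1}.{2}.{3}' -f $Matches[1], $Matches[2], $Matches[3], $Matches[4])
    }
    throw "Unrecognised AdminDisplayVersion: $Text"
}

function Get-ExchangePatchStatus {
    # Returns one object per server with a Status string an operator can act on.
    param([string]$Name, [string]$AdminDisplayVersion)
    $v = ConvertFrom-AdminDisplayVersion $AdminDisplayVersion
    $branch = '{0}.{1}.{2}' -f $v.Major, $v.Minor, $v.Build
    $status = if ($v -lt [version]'15.1.0.0') {
        # 15.0 and below is Exchange 2013 or older: out of support, no hotfix exists.
        'END-OF-LIFE: unsupported release; disconnect from the internet'
    } elseif ($PatchedBuilds.ContainsKey($branch)) {
        if ($v -ge $PatchedBuilds[$branch]) { 'OK: April 2025 hotfix present' }
        else { "NEEDS HOTFIX: update to $($PatchedBuilds[$branch]) or later" }
    } else {
        # A CU branch not in the table: usually an older CU that must be raised
        # to a current CU before the hotfix can be applied.
        'CHECK CU: branch not in table; install the latest CU, then the hotfix'
    }
    [pscustomobject]@{ Server = $Name; Version = $v; Status = $status }
}

# Live use (Exchange Management Shell):
#   Get-ExchangeServer | ForEach-Object {
#       Get-ExchangePatchStatus $_.Name $_.AdminDisplayVersion.ToString() }
# Below is a constructed sample inventory so the script runs offline.
$sample = @(
    @{ Name = 'EX2013-01'; AdminDisplayVersion = 'Version 15.0 (Build 1497.2)'  }
    @{ Name = 'EX2016-01'; AdminDisplayVersion = 'Version 15.1 (Build 2507.44)' }
    @{ Name = 'EX2019-01'; AdminDisplayVersion = 'Version 15.2 (Build 1544.25)' }
    @{ Name = 'EX2019-02'; AdminDisplayVersion = 'Version 15.2 (Build 1258.39)' }
    @{ Name = 'EXSE-01';   AdminDisplayVersion = 'Version 15.2 (Build 2562.17)' }
)
$sample | ForEach-Object { Get-ExchangePatchStatus $_.Name $_.AdminDisplayVersion } |
    Format-Table -AutoSize
```

A server reported as OK here is only at the hotfix baseline; it still needs the dedicated Exchange hybrid application configured, which this check does not verify, and a Health Checker run remains the authoritative inventory for the directive.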
Categories: Cybersecurity Vulnerabilities, Microsoft Exchange Servers, Federal Cybersecurity Directives
Tags: Exchange Servers, CVE-2025-53786, Vulnerability, Microsoft, Cloud Environments, Privilege Escalation, Unpatched, CISA, Hybrid Configurations, Security Flaw