Microsoft has released an advisory for a high-severity security flaw affecting on-premises versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions.

The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug.

"In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization's connected cloud environment without leaving easily detectable and auditable traces," the tech giant said in the alert.

"This risk arises because Exchange Server and Exchange Online share the same service principal in hybrid configurations."

Succes
