Microsoft Warns of Hybrid Exchange Deployment Flaw
bankinfosecurityCISA Issues Emergency Directive Requiring Federal Agencies to Fix Flaw Akshaya Asokan (asokan_akshaya) , David Perera (@daveperera) • August 7, 2025

A vulnerability in Exchange hybrid deployments could allow attackers to escalate privileges and gain administrative access to cloud-based environments.
The vulnerability, tracked as CVE-2025-53786, allows attackers to read, exfiltrate and delete emails from any mailbox within the organization. They could auto-forward emails to external accounts. A hacker would already need administrative access to an on-premise Exchange server for the attack to be successful. The flaw rates 8.0 on the CVSS scale.
Microsoft said Tuesday there is no evidence of its exploitation and "strongly" recommended installing hot fix updates made available in April and following updated configuration guidance for hybrid deployments.
The U.S. Cybersecurity and Infrastructure Security Agency ...
Copyright of this story solely belongs to bankinfosecurity . To see the full text click HERE