
Microsoft Warns of Probable Exchange Hybrid Flaw Allowing Attackers to Access Microsoft 365 Undetected



Microsoft is investigating a major security risk in Exchange Server hybrid deployments that could let attackers gain escalated access within connected Microsoft 365 cloud environments. The vulnerability, CVE-2025-53786, affects Exchange Server 2016, Exchange Server 2019, and the Subscription Edition.

If an attacker gets admin control over the on-premises Exchange server, they can forge authentication tokens or make API calls that the cloud side accepts as valid. Because Exchange Online trusts the on-premises server by default, these actions can go unnoticed: they often avoid detection in standard Microsoft 365 audit tools, as reported by Bleeping Computer.

Microsoft says the issue could lead to a full compromise of both the cloud and on-premises environments. Although there are no known attacks yet, Microsoft has marked ...


Copyright of this story solely belongs to extremetech.com.