Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786) - Help Net Security

Microsoft has disclosed a vulnerability (CVE-2025-53786) in Exchange Server and Exchange Online hybrid deployments. This vulnerability allows attackers with administrative access to an on-premises Exchange server to escalate privileges within the connected cloud environment. Microsoft advises organizations to install hotfixes, deploy the dedicated Exchange hybrid app, and reset the shared service principal’s keyCredentials to mitigate this risk.