Search Results: CVE_2025_53786

Federal agencies have until Monday to patch CVE-2025-53786, a critical Microsoft Exchange vulnerability allowing on-premises attackers to pivot into cloud environments. The flaw exploits shared authentication in hybrid setups, potentially enabling full domain compromise with minimal detection. Security researcher Dirk-Jan Mollema demonstrated the exploit at Black Hat, warning that patching alone is insufficient without architectural changes.

Microsoft warns of a high-severity vulnerability in hybrid Exchange deployments that lets attackers escalate privileges in Exchange Online without leaving audit trails. The flaw exploits a shared identity between on-prem and cloud systems, with CISA warning mitigation delays could lead to catastrophic breaches.