
CISA Warns: Urgent Action Needed for Critical Microsoft Exchange Vulnerability

CISA's new directive demands swift action. A critical Microsoft Exchange vulnerability puts hybrid configurations at risk.


The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 25-02, which is binding on federal civilian agencies and strongly recommended for every other organization, ordering immediate action against a critical vulnerability in Microsoft Exchange Server. The vulnerability, tracked as CVE-2025-53786, affects hybrid deployments: an attacker who already holds administrative access to an on-premises Exchange server can abuse the service principal shared between on-premises Exchange and Exchange Online to escalate privileges into the organization's connected cloud environment, with little trace in the cloud-side audit logs.

CISA directs organizations to disconnect from the internet any publicly accessible Exchange Server or SharePoint Server that has reached end of life or end of support, since those versions will receive no fix. Organizations running Exchange Hybrid must also reset the credentials (keyCredentials) of the shared service principal and run the Microsoft Exchange Health Checker to confirm the deployment is in the expected state.

Microsoft had not observed exploitation of this vulnerability when the warning was published, but the low prerequisite (on-premises admin rights, which an attacker may already hold after compromising a server) is why CISA treats it as urgent. Organizations should monitor Microsoft's blog post 'Dedicated Hybrid App: temporary enforcements, new HCW and possible hybrid functionality disruptions' for further instructions, because Microsoft has announced enforcement steps that will disrupt hybrid functionality on unpatched configurations.

To determine whether their deployments are affected, organizations using Exchange Hybrid should follow Microsoft's guidance: install the April 2025 Exchange Server Hotfix Update (or a later update that includes it) and then complete the configuration steps that move the hybrid connection to the dedicated Exchange hybrid app, since the hotfix alone does not remove the shared service principal. Microsoft also recommends assigning least-privilege roles through Microsoft Entra ID for managing user permissions in Exchange Server hybrid deployments, so that administrators hold only the permissions their tasks require.

CISA also directs organizations to inventory every Exchange server in their networks, using existing visibility tools or publicly available tools such as Nmap or PowerShell scripts, so that no unpatched or forgotten server is left behind. Organizations are advised to complete the steps of Emergency Directive 25-02 promptly to close CVE-2025-53786.
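The inventory, patch check and hybrid follow-up described above, as one added example that is not part of the article and not code from CISA or Microsoft. It runs in the Exchange Management Shell on any Exchange server in the organization, lists every Exchange server, parses each server's build, compares it with the April 2025 Hotfix Update baseline and flags end-of-life or unsupported builds. The build numbers in the table are this example's own assumed values and must be verified against Microsoft's Exchange Server build-number page before use; the script names and parameters printed at the end are Microsoft's published tools, quoted from memory, so confirm them against the scripts' current documentation.

```powershell
# Added example, not from the article, CISA or Microsoft. Run in the Exchange Management Shell.
# Inventories all Exchange servers, classifies each build against the April 2025 Hotfix Update
# and reports what ED 25-02 still requires for a hybrid organization.

# Minimum revision per cumulative update that carries the April 2025 Hotfix Update.
# Keys are Major.Minor.Build (the CU); values are the first fixed revision.
# ASSUMED values: verify against Microsoft's Exchange Server build number table before use.
$FixedRevision = @{
    '15.1.2507' = 55   # Exchange 2016 CU23 + April 2025 HU (assumed)
    '15.2.1544' = 25   # Exchange 2019 CU14 + April 2025 HU (assumed)
    '15.2.1748' = 24   # Exchange 2019 CU15 + April 2025 HU (assumed)
    '15.2.2562' = 17   # Exchange Server Subscription Edition RTM, ships with the fix (assumed)
}

function Get-ExchangeBuild {
    # AdminDisplayVersion renders as "Version 15.2 (Build 1748.24)"; turn it into a [version].
    param([string]$AdminDisplayVersion)
    if ($AdminDisplayVersion -match 'Version (\d+)\.(\d+) \(Build (\d+)\.(\d+)\)') {
        return [version]('{0}.{1}.{2}.{3}' -f $Matches[1], $Matches[2], $Matches[3], $Matches[4])
    }
    return $null
}

function Get-PatchStatus {
    param([version]$Build)
    if ($null -eq $Build) { return 'UnknownVersion' }
    # Exchange 2013 (15.0) and older are out of support: CISA says disconnect them, not patch them.
    if ($Build.Major -lt 15 -or ($Build.Major -eq 15 -and $Build.Minor -eq 0)) { return 'EndOfLife' }
    $cu = '{0}.{1}.{2}' -f $Build.Major, $Build.Minor, $Build.Build
    if (-not $FixedRevision.ContainsKey($cu)) { return 'UnsupportedCU' }   # no HU exists for this CU
    if ($Build.Revision -ge $FixedRevision[$cu]) { return 'Patched' }
    return 'NeedsAprilHU'
}

# Get-HybridConfiguration returns nothing when the organization has never run the Hybrid
# Configuration Wizard; anything returned means the shared service principal may exist.
$hybrid = $null -ne (Get-HybridConfiguration -ErrorAction SilentlyContinue)

$report = foreach ($srv in Get-ExchangeServer) {
    $build = Get-ExchangeBuild -AdminDisplayVersion $srv.AdminDisplayVersion.ToString()
    [pscustomobject]@{
        Server = $srv.Name
        Role   = $srv.ServerRole
        Build  = $build
        Status = Get-PatchStatus -Build $build
        Hybrid = $hybrid
    }
}
$report | Sort-Object Status, Server | Format-Table -AutoSize

$unpatched = @($report | Where-Object { $_.Status -ne 'Patched' })
if ($unpatched.Count -gt 0) {
    Write-Warning ("{0} server(s) are not on an April 2025 HU build: {1}" -f
        $unpatched.Count, (($unpatched | ForEach-Object { $_.Server }) -join ', '))
}

if ($hybrid) {
    # Remaining ED 25-02 steps once every server is patched. Script names are Microsoft's
    # published tools; the local paths are assumptions for this example.
    Write-Host @'
Hybrid configuration detected. After patching, complete the remaining ED 25-02 steps:
  1. Move to the dedicated Exchange hybrid app (script shipped by Microsoft):
       .\ConfigureExchangeHybridApplication.ps1 -FullyConfigureExchangeHybridApplication
  2. Reset the shared service principal's keyCredentials so the old credential cannot be reused:
       .\ConfigureExchangeHybridApplication.ps1 -ResetFirstPartyServicePrincipalKeyCredentials
  3. Run the Exchange Health Checker and review its hybrid findings:
       .\HealthChecker.ps1 -Server <each server>
'@
}
```

The classification deliberately separates `EndOfLife` (disconnect from the internet, as CISA instructs) from `UnsupportedCU` (a supported product on a cumulative update that never received the hotfix, which needs a CU upgrade before the HU) and `NeedsAprilHU` (a simple hotfix install). `Get-ExchangeServer` only sees servers registered in the organization's Active Directory, so pair it with the article's Nmap suggestion, for example an Nmap scan for HTTPS listeners returning Outlook Web App, to catch forgotten or rebuilt servers that were never joined back.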
