CISA and Microsoft Alert on High-Severity Vulnerability in Exchange Servers


Federal cyber authorities have issued an urgent alert regarding a high-severity vulnerability affecting on-premises Microsoft Exchange servers, following revelations presented at the Black Hat conference. This vulnerability, identified as CVE-2025-53786, has prompted Microsoft to issue an advisory clarifying that while they are not aware of any active exploitation, the risk remains substantial for organizations utilizing hybrid Exchange configurations.

Tom Gallagher, VP of Engineering at Microsoft Security Response Center, indicated that the decision to announce the vulnerability was timed strategically to coincide with the findings shared by researcher Mollema at the conference. Gallagher emphasized that exploitation of the vulnerability necessitates administrative access to the on-premises Exchange server. This risk is compounded by the interconnected nature of on-premises and cloud-based versions of Exchange, making privilege escalation a significant concern.

The Cybersecurity and Infrastructure Security Agency (CISA) took immediate action on Thursday by issuing an emergency directive. The directive mandates that all federal agencies execute Microsoft’s Exchange Server Health Checker script and apply necessary updates to all eligible servers by 9 a.m. EDT on Monday, while also disconnecting any unsupported Exchange servers.
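The directive's first two steps (run the Health Checker, then patch or disconnect servers that fall short) map to a short inventory routine. The PowerShell below is an added example, not part of the article or of CISA's or Microsoft's own guidance. It assumes it is run from the Exchange Management Shell by an Exchange administrator, that HealthChecker.ps1 has already been downloaded from Microsoft's CSS-Exchange repository (https://aka.ms/ExchangeHealthChecker) into the current directory, and that the minimum patched build is taken from Microsoft's advisory for CVE-2025-53786; the build value in the script is a placeholder, since the article does not state it.

```powershell
# Added example (not from the article, CISA, or Microsoft).
# Assumes: Exchange Management Shell, Exchange admin rights, HealthChecker.ps1 in the current directory.
# PLACEHOLDER: replace with the minimum patched build published in Microsoft's advisory for CVE-2025-53786.
$MinimumPatchedBuild = [version]'0.0.0.0'

# Folder where Health Checker output and the inventory will be written (assumed path).
$ReportPath = 'C:\ExchangeHealthCheck'
New-Item -ItemType Directory -Path $ReportPath -Force | Out-Null

# 1. Inventory every Exchange server in the organization.
#    Note: AdminDisplayVersion only reflects the Cumulative Update level, not Security Updates,
#    so it is used here for a first pass; the exact build comes from ExSetup.exe (step 2).
$servers = Get-ExchangeServer | Select-Object Name, ServerRole, AdminDisplayVersion
$inventory = @()

foreach ($srv in $servers) {
    # Read the installed build from ExSetup.exe on the remote server (captures Security Updates).
    # Invoke-Command assumes PowerShell remoting is enabled to each Exchange server.
    $exSetupVersion = Invoke-Command -ComputerName $srv.Name -ScriptBlock {
        (Get-Command ExSetup.exe).FileVersionInfo.ProductVersion
    } -ErrorAction SilentlyContinue

    $build = if ($exSetupVersion) { [version]$exSetupVersion } else { $null }

    # Classify: patched, out of date (apply the update), or unknown (treat as unsupported).
    $status = if ($null -eq $build) { 'UNKNOWN - verify manually or disconnect' }
              elseif ($build -ge $MinimumPatchedBuild) { 'Patched' }
              else { 'OUT OF DATE - apply update or disconnect' }

    $inventory += [pscustomobject]@{
        Server       = $srv.Name
        Role         = $srv.ServerRole
        CUVersion    = $srv.AdminDisplayVersion
        ExSetupBuild = $build
        Status       = $status
    }

    # 2. Run Microsoft's Health Checker against this server (parameter names as documented by the script).
    .\HealthChecker.ps1 -Server $srv.Name -OutputFilePath $ReportPath
}

# 3. Build the consolidated HTML report from the per-server runs for review.
.\HealthChecker.ps1 -BuildHtmlServersReport -OutputFilePath $ReportPath

# 4. Record the inventory; servers not marked 'Patched' are the ones the directive requires
#    to be updated by the deadline or disconnected.
$inventory | Export-Csv -Path (Join-Path $ReportPath 'exchange-inventory.csv') -NoTypeInformation
$inventory | Where-Object { $_.Status -ne 'Patched' } | Format-Table -AutoSize
```

The ExSetup.exe check matters because Exchange Security Updates do not change `AdminDisplayVersion`; a server can report the current CU while still missing the SU the directive requires. The Health Checker's own report remains the authoritative output for the directive; the CSV is a convenience for tracking which servers still need action before the deadline.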

Highlighting the urgency of the situation, CISA warned that organizations face a “grave risk” if they do not mitigate the vulnerability promptly. The directive builds on Microsoft’s earlier effort to secure Exchange with the changes it released in April 2025. Organizations are urged to apply Microsoft’s April 2025 hotfix updates before the upcoming restrictions intended to strengthen security across Exchange environments.