CVE-2025-53786

CWE-287Improper Authentication8 documents7 sources
Severity
8.0HIGH
EPSS
0.1%
top 66.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Microsoft Exchange Server 2019 Cumulative Update 14Microsoft Microsoft Exchange Server 2019 Cumulative Update 15+2 more
Timeline
PublishedAug 6
Latest updateAug 12

Description

On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by tak

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.3 | Impact: 6.0

Affected Packages5 packages

CVEListV5microsoft/microsoft_exchange_server_subscription_edition_rtm15.02.0.015.02.2562.017
NVDmicrosoft/exchange_server2016, 2019+1

🔴Vulnerability Details

2
GHSA
GHSA-v92c-556h-xm93: On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix2025-08-06
CVEList
Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability2025-08-06

📋Vendor Advisories

1
Microsoft
Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability2025-08-12

🕵️Threat Intelligence

3
Krebs
Microsoft Patch Tuesday, August 2025 Edition2025-08-12
Krebs
Microsoft Patch Tuesday, August 2025 Edition2025-08-12
Bleepingcomputer
CISA orders fed agencies to patch new Exchange flaw by Monday2025-08-07