SecuriTricks - CVE-2025-53786

Description

On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.

Product(s) Impacted

Vendor	Product	Versions
Microsoft	Exchange Server	<2025-*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	microsoft	exchange_server	<2025-*	/	/	/	/	/	/	/

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786

CVSS Score

8.0 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

View Vector String

Timeline

Published: Aug. 6, 2025, 4:15 p.m.
Last Modified: Aug. 6, 2025, 8:23 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secure@microsoft.com

CVE-2025-53786