
Exchange Server – Privilege Escalation Vulnerability

Microsoft has released updated guidance for CVE-2025-53786, a privilege escalation vulnerability affecting hybrid Exchange deployments. If exploited, this flaw could allow attackers with administrative access to an on-premises Exchange Server to escalate privileges into the connected Exchange Online environment—without leaving easily detectable or auditable traces.

Although no active exploitation has been observed, Microsoft recommends that organizations install the April 2025 Hotfix and deploy the Hybrid Application to mitigate the risk.

What actions should Administrators take if they are running Exchange 2016/2019 in a hybrid configuration?

  • Install the latest Cumulative Update, followed by the April 2025 Hotfix Update (the hotfix is a prerequisite for the dedicated hybrid application).
  • Deploy the dedicated Exchange hybrid application, using the ConfigureExchangeHybridApplication.ps1 script or the latest Hybrid Configuration Wizard.
  • Enable the dedicated Exchange hybrid application feature on the on-premises servers via a setting override (the ConfigureExchangeHybridApplication.ps1 script can create this override for you).


How can Administrators verify the remediation has taken effect?
After the dedicated Exchange hybrid application has been created and the feature enabled on the Exchange servers, administrators can confirm it is actually in use through the Entra ID sign-in logs: service principal sign-ins from the dedicated application should appear for each hybrid server. A server that never produces such sign-ins has not switched over and is still using the shared first-party service principal.
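The following script is an added example for the steps above and the verification that follows; it is not part of the original post and is not Microsoft's or Helient's code. Run it in the Exchange Management Shell on each on-premises server. It checks the two on-premises prerequisites: that the ExSetup.exe build carries the April 2025 Hotfix Update (hotfix and security updates do not change the value returned by Get-ExchangeServer, so the file version must be read instead), and that a setting override enabling the dedicated hybrid application exists. The minimum build numbers and the override name pattern are assumptions that must be confirmed against Microsoft's published Exchange build table and the override created by ConfigureExchangeHybridApplication.ps1 in your environment.

```powershell
# Added example, not from the original post or from Microsoft.
# Run in the Exchange Management Shell on each on-premises Exchange 2016/2019 server.

# Minimum ExSetup.exe versions carrying the April 2025 Hotfix Update.
# ASSUMED values: confirm against Microsoft's Exchange build number table.
$MinimumHotfixBuilds = @{
    '15.1.2507' = [version]'15.1.2507.55'   # Exchange 2016 CU23 + April 2025 HU
    '15.2.1544' = [version]'15.2.1544.25'   # Exchange 2019 CU14 + April 2025 HU
    '15.2.1748' = [version]'15.2.1748.24'   # Exchange 2019 CU15 + April 2025 HU
}

function Get-ExchangeSetupVersion {
    # Hotfix/security updates leave AdminDisplayVersion untouched, so read the
    # file version of ExSetup.exe (in PATH inside the Exchange Management Shell).
    $exsetup = Get-Command ExSetup.exe -ErrorAction Stop
    return [version]$exsetup.FileVersionInfo.FileVersion
}

function Test-AprilHotfixInstalled {
    param([Parameter(Mandatory)][version]$Installed)
    # Key the lookup on the CU line (major.minor.build) and compare the full version.
    $cuKey = '{0}.{1}.{2}' -f $Installed.Major, $Installed.Minor, $Installed.Build
    if (-not $MinimumHotfixBuilds.ContainsKey($cuKey)) {
        # Unknown CU line: older than the supported CUs, or newer than this table.
        return $null
    }
    return ($Installed -ge $MinimumHotfixBuilds[$cuKey])
}

function Test-HybridApplicationOverride {
    # The dedicated hybrid app feature is switched on by a setting override.
    # ASSUMED name pattern: compare with the override the
    # ConfigureExchangeHybridApplication.ps1 script created in your environment.
    $overrides = Get-SettingOverride -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Name -like '*ExchangeHybridApplication*' -and
            ($_.Parameters -match 'Enabled=true')
        }
    return [bool]$overrides
}

$installed  = Get-ExchangeSetupVersion
$hotfixOk   = Test-AprilHotfixInstalled -Installed $installed
$overrideOk = Test-HybridApplicationOverride

# One status object per server; collect these across the hybrid servers
# before checking the Entra ID sign-in logs for the dedicated application.
[pscustomobject]@{
    Server            = $env:COMPUTERNAME
    ExSetupVersion    = $installed
    AprilHotfix       = $(switch ($hotfixOk) {
                            $true   { 'Installed' }
                            $false  { 'MISSING - install latest CU, then April 2025 HU' }
                            default { 'Unknown CU line - check build table' }
                        })
    HybridAppOverride = $(if ($overrideOk) { 'Enabled' }
                          else { 'MISSING - enable via setting override' })
}
```

Both checks must pass on every hybrid server before the Entra ID sign-in log review is meaningful; a server that fails either check will keep authenticating to Exchange Online through the shared service principal and will show no sign-ins from the dedicated application.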


What actions should Administrators take if they have already decommissioned the last Exchange server in the environment?

Administrators should reset the service principal credentials in Office 365 by running the ConfigureExchangeHybridApplication.ps1 PowerShell script with the -ResetFirstPartyServiceCredentials switch. This invalidates the credentials that the decommissioned on-premises servers had registered, so they can no longer be used to reach Exchange Online.


Helient strongly recommends that Administrators take the necessary measures to remediate this vulnerability as soon as possible. If you would like more information or assistance, please contact our industry-leading experts at service@helient.com.