New Microsoft Exchange Vulnerability Puts Hybrid Cloud Environments at Risk https://t.co/WGpPWRFDux
A major security flaw has been discovered in a chip built into several dozen different Dell laptop models. Several million devices are affected, but fortunately a patch is already available. https://t.co/Pb4dbMRmdm
6,500 Axis Servers Expose Remoting Protocol, 4,000 in U.S. Vulnerable to Exploits: https://t.co/Wc9Po62Irz by The Hacker News #infosec #cybersecurity #technology #news
Microsoft has warned customers of a high-severity vulnerability, tracked as CVE-2025-53786, that affects on-premises Exchange Servers configured in hybrid deployments. The flaw, rated 8.0 on the CVSS scale, allows an attacker who already has administrator rights on the on-prem server to silently escalate privileges and gain broad access to the organisation’s connected Exchange Online environment with little or no audit trail. In a 6 August advisory, the company urged administrators to install the April 2025 (or newer) hotfix, reset the shared service principal’s keyCredentials and migrate to the dedicated Exchange hybrid application. Although Microsoft said it has not yet observed active exploitation, it cautioned that unpatched systems could face full domain compromise. The US Cybersecurity and Infrastructure Security Agency reinforced the alert on 7 August, recommending that organisations immediately apply Microsoft’s mitigations and disconnect any end-of-life Exchange or SharePoint servers exposed to the internet. Microsoft added that it will begin temporarily blocking Exchange Web Services traffic that uses the shared service principal later this month to accelerate adoption of the hardened configuration.