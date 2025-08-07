Vulnerability Management, Cloud Security

Total system compromise possible with new Microsoft Exchange flaw

(Adobe Stock)

(Adobe Stock)

Organizations have been warned by the Cybersecurity and Infrastructure Security Agency and Microsoft regarding the high-severity Microsoft Exchange vulnerability, tracked as CVE-2025-53786, which could allow attackers to transition from on-premises to cloud iterations of the software to facilitate complete system compromise, reports Cybersecurity Dive.

Vulnerable hybrid-joined configurations could be abused by threat actors for privilege escalation, according to a CISA alert, which urged the immediate application of Microsoft's April 2025 Exchange Service hotfixes and the deactivation of internet connectivity for end-of-life Exchange Server and SharePoint Server instances despite the lack of evidence suggesting active exploitation. Meanwhile, Microsoft has called on organizations to use its new Exchange Hybrid app that enables improved management of cloud and on-premises instances as it mulls to prohibit Exchange Web Services traffic in the shared service principal for the time being. "All organizations are strongly encouraged to implement Microsoft guidance to reduce risk," said Acting CISA Executive Assistant Director for Cybersecurity Chris Butera.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Related

Free NSA cyber services program expands

Increasing cybersecurity threats against under-resourced U.S. defense contractors have prompted the National Security Agency to provide free pentesting services under its Continuous Autonomous Penetration Testing program to 1,000 organizations in 2025 after initially covering only 200 during its launch last year, reports Infosecurity Magazine.

Nascent HTTP request smuggling attacks have widespread impact

SecurityWeek reports that multiple major organizations, popular content delivery networks, and websites have been compromised with new versions of the HTTP request smuggling attack technique, also known as desync attack, which involves the delivery of malicious requests to facilitate session theft, web cache poisoning, or phishing site redirections.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

BugBuffer OverflowCloud ComputingDisassemblyGreynet

You can skip this ad in 5 seconds