CISA, Microsoft warn about new Microsoft Exchange server vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) and Microsoft late Wednesday warned that a new high-severity vulnerability in Microsoft Exchange could let hackers pivot from the on-premises version of the product to the cloud version and potentially gain total control of the system.
The vulnerability, tracked as CVE-2025-53786, could allow an attacker with administrative privileges for on-premises Exchange “to escalate privileges by exploiting vulnerable hybrid-joined configurations,” CISA said in its alert.
Microsoft has not seen evidence that hackers are exploiting the vulnerability, according to CISA’s alert. A CISA employee, who requested anonymity to speak candidly, said the agency likewise had not seen signs of exploitation.
Read more at Cybersecurity Dive