
Volume 329, Issue 1 · IT Vendor News · Tenable

CVE-2025-53786: Frequently Asked Questions About Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability

Tenable, Thursday, August 7th, 2025

Frequently asked questions about CVE-2025-53786, an elevation of privilege vulnerability affecting Microsoft Exchange Server Hybrid Deployments.

Tenable's Research Special Operations (RSO) team has compiled this blog post to answer frequently asked questions (FAQ) about an elevation of privilege vulnerability affecting Microsoft Exchange Server Hybrid Deployments.

What is CVE-2025-53786?

CVE-2025-53786 is an elevation of privilege (EoP) vulnerability affecting hybrid deployments of Microsoft Exchange Server. An attacker with administrator privileges on an on-premises Exchange Server can escalate their privileges within the connected cloud environment. The flaw exists because Exchange Server and Exchange Online share 'the same service principal in hybrid configurations.'
