BigTech CompaniesCybersecurityNewswireTechnology

29,000+ Unpatched Exchange Servers at Risk from Critical Flaw

▼ Summary

– Over 29,000 unpatched Exchange servers remain vulnerable to CVE-2025-53786, a high-severity flaw allowing attackers to escalate privileges in cloud environments.
– The vulnerability affects Exchange Server 2016, 2019, and Subscription Edition in hybrid setups, enabling attackers to forge tokens or manipulate API calls without easy detection.
Microsoft released a hotfix in April 2025, but Shadowserver scans show 29,098 unpatched servers, with the U.S., Germany, and Russia having the highest exposures.
– CISA issued Emergency Directive 25-02, mandating federal agencies to mitigate the flaw by disconnecting vulnerable servers and applying updates by a strict deadline.
– CISA warned that unpatched systems risk total domain compromise and urged all organizations, not just federal agencies, to take immediate action.

Thousands of Microsoft Exchange servers remain vulnerable to a critical security flaw that could allow attackers to infiltrate entire cloud environments, putting organizations at risk of full domain takeover. The unpatched vulnerability, identified as CVE-2025-53786, affects hybrid configurations of Exchange Server 2016, 2019, and the newer Subscription Edition, enabling threat actors to escalate privileges silently within cloud-connected systems.

Security researchers warn that exploitation of this flaw could go undetected, as attackers manipulate trusted tokens or API calls without leaving obvious traces. Microsoft addressed the issue in an April 2025 hotfix as part of its Secure Future Initiative, which introduced a more secure hybrid architecture. Despite no confirmed attacks yet, the company flagged the vulnerability as high-risk, noting that reliable exploit code could emerge.

Recent scans by Shadowserver reveal over 29,000 exposed Exchange servers still lack the critical patch, with the highest concentrations in the U.S. (7,200+), Germany (6,700+), and Russia (2,500+). The widespread exposure raises concerns, particularly for organizations slow to implement security updates.

In response, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-02, mandating federal agencies to immediately mitigate the threat. Affected agencies must inventory their Exchange environments, disconnect unsupported servers, and apply the latest cumulative updates along with Microsoft’s hotfix. CISA emphasized that delays could result in total domain compromise across hybrid cloud and on-premises systems.

While the directive specifically targets federal entities, CISA Acting Director Madhu Gottumukkala urged all organizations to follow the same precautions. “The risk extends to every sector using Exchange,” Gottumukkala stated. “Proactive measures are essential to prevent widespread breaches.”

The situation underscores the importance of timely patching, especially for widely used enterprise systems like Microsoft Exchange. Organizations relying on outdated or unmaintained servers face heightened exposure, making swift action critical to avoid potential cyberattacks.

(Source: Bleeping Computer)

Topics

unpatched exchange servers vulnerability 95% cve-2025-53786 90% cisa emergency directive 25-02 90% microsoft exchange server versions affected 85% federal agencies mitigation mandate 85% risk domain compromise 85% importance timely patching 80% shadowserver scans 80% global exposure vulnerable servers 80% microsofts secure future initiative 75%

The Wiz

Wiz Consults, home of the Internet is led by "the twins", Wajdi & Karim, experienced professionals who are passionate about helping businesses succeed in the digital world. With over 20 years of experience in the industry, they specialize in digital publishing and marketing, and have a proven track record of delivering results for their clients.