CVE-2025-53786: Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability

CVE-2025-8292: Chromium: CVE-2025-8292 Use after free in Media Stream

CVE-2025-8011: Chromium: CVE-2025-8011 Type Confusion in V8

CVE-2025-8010: Chromium: CVE-2025-8010 Type Confusion in V8

CVE-2025-53771: Microsoft SharePoint Server Spoofing Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability within the organization’s cloud environment?**

In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace. This risk arises because Exchange Server and Exchange Online share the same service principal in hybrid configurations.

Headline

CVE-2025-53786: Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability

Microsoft Security Response Center: Latest News