28K Exchange Servers Remain Unpatched

In April 2025, Microsoft released guidance as well as hotfix updates for an Exchange service flaw (CVE-2025-53786). This flaw would enable malicious actors to escalate privileges inside of an organization's connected cloud environment, provided they have gained administrative access to on-premises Exchange servers.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive in response to this vulnerability; however, as of August 1st, 2025, more than 28,000 Exchange servers remain unpatched.
Security Leaders Weigh In
Thomas Richards, Infrastructure Security Practice Director at Black Duck:
This is a serious vulnerability in Exchange and security teams should give it immediate attention. Patching the server is not enough, and since it is difficult to detect compromise, Microsoft has provided actions for teams to take to make sure any compromised trust tokens are rotated. This is essential for teams to follow for a full remediation and to ensure uncompromised trust in software. If the system is unpatched, CISA has warned of a complete compromise of Exchange and Active Directory being possible. If compromised, it could cause a detrimental impact to business operations.
James Maude, Field CTO at BeyondTrust:
In modern hybrid IT environments, there can often be hidden paths to privilege opened up by long-forgotten service accounts. These non-human identities (NHIs) are often granted a high level of privilege, making them a prized target for threat actors. In the case of CVE-2025-53786, there is the potential for a service principal that can authenticate to both on-prem and cloud systems to be compromised and used to exploit trust relationships.
This is made especially challenging to deal with as logging solutions are often not focused on these NHIs, and in the worst cases, organizations might not realize how dangerous the identity and account is. While timely patching of this vulnerability is essential, it is as important for organizations to focus on getting visibility of privileged identities, especially ones that can bridge between on-prem and cloud systems. Having visibility of the true privilege of all identities, human and non-human, is of ever-increasing importance as NHIs, including AI, rapidly outpace human identities in scale and privilege.
Elad Luz, Head of Research at Oasis Security:
To reduce the risks associated with non-human identities (NHIs), security teams need to implement modern identity management practices, strong governance, and proactive security controls. Where possible, organizations should transition to cloud-native identities and establish a comprehensive lifecycle management strategy for NHIs that cannot be migrated. Maintaining good identity hygiene is critical — this includes removing stale or unused NHIs, conducting regular access reviews, and ensuring NHIs follow the Principle of Least Privilege (PoLP) by granting only the minimum permissions necessary.
A structured policy and enforcement program should be built around risk analysis and compliance frameworks, ensuring NHIs align with both security best practices and regulatory requirements. Adopting short-lived credentials, automated credential rotation, and managed identities can further minimize risk by limiting exposure. Collaboration with app development and DevSecOps teams is also essential to integrate these security measures without disrupting workflows, ensuring that NHIs remain secure while maintaining operational efficiency. By treating NHIs with the same level of oversight as human identities, organizations can mitigate risk while maintaining agility and scalability across their development and cloud environments.