CISA Emergency Directive 25-02 issued for Microsoft Exchange vulnerability

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-02, requiring federal agencies to update systems to mitigate a post-authentication vulnerability in hybrid Microsoft Exchange environments. This vulnerability, CVE-2025-53786, allows privilege escalation and exploitation of cloud-connected services if left unaddressed. The directive aims to protect identity integrity and administrative access across federal systems. No active exploitation has been reported, but the risk is deemed significant. CISA urges all organizations to follow the directive's guidance.

Timeline

  1. 07.08.2025 15:00

    CISA issues Emergency Directive 25-02 for Microsoft Exchange vulnerability

    The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-02 on August 7, 2025, requiring federal agencies to update systems to mitigate a post-authentication vulnerability in hybrid Microsoft Exchange environments. The vulnerability, CVE-2025-53786, allows privilege escalation and exploitation of cloud-connected services. No active exploitation has been reported, but the risk is deemed significant. CISA urges all organizations to follow the directive's guidance.

Similar Happenings

Active exploitation of CVE-2025-5086 in DELMIA Apriso

CVE-2025-5086, a critical deserialization flaw in Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software, is being actively exploited. The vulnerability, with a CVSS score of 9.0, affects versions from Release 2020 through Release 2025. Exploitation attempts have been observed, targeting the /apriso/WebServices/FlexNetOperationsService.svc/Invoke endpoint with a Base64-encoded payload. The payload decodes to a GZIP-compressed Windows executable that deploys a malicious program designed to spy on user activities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, advising Federal Civilian Executive Branch (FCEB) agencies to apply updates by October 2, 2025. The malware, identified as Trojan.MSIL.Zapchast.gen, captures keyboard input, takes screenshots, and gathers information about active applications. This information is then sent to the attacker via various means, including email, FTP, and HTTP. The exploit involves sending a malicious SOAP request to vulnerable endpoints. The malicious requests were observed originating from the IP 156.244.33[.]162.

Active exploitation of N-able N-central vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities in N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform used by Managed Service Providers (MSPs). The vulnerabilities, CVE-2025-8875 and CVE-2025-8876, allow for command execution and command injection. Both vulnerabilities require authentication to exploit and have been addressed in N-central versions 2025.3.1 and 2024.6 HF2. N-able has urged customers to upgrade and enable multi-factor authentication (MFA). The exact exploitation methods and scale are unknown. FCEB agencies must apply fixes by August 20, 2025. The vulnerabilities are not expected to be used at the beginning of an exploit chain, and exploitation does not appear to be widespread. Over 800 N-able N-central servers remain unpatched against these vulnerabilities.