PT-2025-15587 · Microsoft · Active Directory Domain Services+1

Matthieu Buffet

Published

2025-04-08

Updated

2025-04-11

CVE-2025-29810

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Active Directory Domain Services versions prior to the fixed version

Description: The issue is related to improper access control in Active Directory Domain Services, allowing an authorized attacker to elevate privileges over a network. This could potentially give attackers complete control over affected systems.

Recommendations: For all versions of Active Directory Domain Services prior to the fixed version, apply the security updates for Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.

Fix

LPE

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2025-04247

CVE-2025-29810

Affected Products

Active Directory Domain Services

Windows

PT-2025-15587 · Microsoft · Active Directory Domain Services+1

CVE-2025-29810

Weakness Enumeration

Related Identifiers

Affected Products

References · 16