PT-2025-24836 · Microsoft · Local Security Authority Subsystem Service

Or Yair +1 · Published 2025-06-10 · Updated 2026-03-09 · CVE-2025-32724

CVSS v2.0: 7.8 High (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Name of the Vulnerable Software and Affected Versions

Windows versions (affected versions not specified)

Description

An uncontrolled resource consumption issue in the Windows Local Security Authority Subsystem Service (LSASS) can allow an unauthorized attacker to cause a denial of service over a network. This issue enables attackers to disrupt system functionality. Reports indicate that the vulnerability, identified as CVE-2025-32724, is being exploited by 'win-dDoS' to compromise domain controllers and use them as DDoS botnet participants, potentially affecting up to 10,000 domain controllers. The exploitation leverages LDAP referrals and does not require credentials.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2025-06862
CVE-2025-32724

Affected Products

Windows
Local Security Authority Subsystem Service