PT-2025-36882 · Microsoft · Windows

Bryan De Houwer · Published 2025-09-09 · Updated 2026-03-01 · CVE-2025-54918

CVSS v2.0: 9.0
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Windows NTLM versions prior to the fix included in CVE-2025-54918

Description: An improper authentication issue exists within Windows NTLM. This flaw allows an authorized attacker to elevate privileges over a network. The vulnerability relates to deficiencies in the authentication procedure of the NTLM protocol. Exploitation may allow a remote attacker to elevate their privileges. The vulnerability allows for reflection of RPC to LDAPS from a standard user to a domain administrator. The issue was addressed by ensuring the Message Integrity Check (MIC) is always calculated, even if Type3 is empty.

Recommendations: Apply the fix included in CVE-2025-54918.

Fix

LPE

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-11053
CVE-2025-54918

Affected Products

Windows