CVE-2025-26685

Published May 13, 2025

Last updated 10 months ago

CVSS medium 6.5
Microsoft Defender

Overview

Description
Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.
Source
secure@microsoft.com
NVD status
Analyzed
Products
defender_for_identity

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

secure@microsoft.com
CWE-287

Social media

Hype score
Not currently trending
  1. #VulnerabilityReport #activedirectory Microsoft Defender for Identity Flaw (CVE-2025-26685) Allows Unauthenticated Privilege Escalation https://t.co/pRVkfOk0rV

    @Komodosec

    21 Jul 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #Red_Team_Tactics 1. Spoofing to Elevate Privileges with MS Defender for Identity (CVE-2025-26685) https://t.co/6x7n6vE4KB 2. Breaking KASLR on Win11 24H2 using an HVCI-compatible Driver with Physical Memory Access https://t.co/6MPNY5Xyaj 3. Primitive Injection - Breaking the

    @ksg93rd

    24 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

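  3. Regarding CVE-2025-26685, a privilege escalation vulnerability in AD environments affecting the Microsoft Defender for Identity sensor. By impersonating a target system and manipulating the SAM-R protocol, MDI can be made to authenticate to the attacker's machine. NetNTLM hash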

    @__kokumoto

    15 Jun 2025

    1177 Impressions

    4 Retweets

    8 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

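  4. NetSPI reported the vulnerability CVE-2025-26685 in Microsoft Defender for Identity (MDI). It is difficult to exploit on its own, but combined with other vulnerabilities it enables privilege escalation to Active Directory. With this vulnerability, the MDI sensor SA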

    @yousukezan

    15 Jun 2025

    806 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  5. A spoofing flaw (CVE-2025-26685) in Microsoft Defender for Identity, combined with other vulnerabilities, enables unauthenticated privilege escalation to Active Directory. #MicrosoftDefender #MDI #Cybersecurity #PrivilegeEscalation #ActiveDirectory https://t.co/gVH04Mzc2r

    @the_yellow_fall

    15 Jun 2025

    333 Impressions

    0 Retweets

    4 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  6. 🗣️ Microsoft Defender for Identity Flaw (CVE-2025-26685) Allows Unauthenticated Privilege Escalation https://t.co/mO6dVjbf8V

    @fridaysecurity

    15 Jun 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. A new Microsoft Defender flaw (CVE-2025-26685) allows attackers to obtain Net-NTLM hashes and escalate privileges via Lateral Movement Paths and SMB null sessions. Proper sensor migration is crucial. 🔐 #CyberAlert #WindowsSecurity #US https://t.co/AbNGcaqXl8

    @TweetThreatNews

    14 Jun 2025

    95 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-26685 lets attackers spoof Microsoft Defender & grab NTLM hashes via Lateral Movement Paths, leading to AD compromise. 👀 Unauthenticated. Local. Dangerous. At Paxion Cyber, we secure infrastructure with advanced detection & protocol hardening. #Cybersecurity

    @PaxionCyber

    13 Jun 2025

    36 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. A spoofing vulnerability in Microsoft Defender for Identity (CVE-2025-26685) allows attackers to capture Net-NTLM hashes of Directory Service Accounts, enabling privilege escalation in Active Directory environments. 🚨 #CVE2025 #Microsoft #USA https://t.co/DEXTLgJILR

    @TweetThreatNews

    12 Jun 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. While the fix has been out for about a month, Joshua at @NetSPI just released a blog outlining an interesting issue (CVE-2025-26685) that he found with Microsoft Defender for Identity - https://t.co/4CGM2VAeJq

    @kfosaaen

    12 Jun 2025

    891 Impressions

    5 Retweets

    7 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  11. Microsoft Defender for Identity vulnerability (CVE-2025-26685) allows unauthenticated attackers to capture Net-NTLM hashes and potentially gain AD access. Security tools can become attack vectors - understanding this risk is crucial: https://t.co/mQGrn7tDNo https://t.co/tGYjBPsXf

    @NetSPI

    12 Jun 2025

    319 Impressions

    2 Retweets

    4 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  12. Actively exploited CVE : CVE-2025-26685

    @transilienceai

    27 May 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Actively exploited CVE : CVE-2025-26685

    @transilienceai

    19 May 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Actively exploited CVE : CVE-2025-26685

    @transilienceai

    16 May 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Actively exploited CVE : CVE-2025-26685

    @transilienceai

    16 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. CVE-2025-26685 Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network. https://t.co/W8MZUffGaW

    @CVEnew

    13 May 2025

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.