AI description
CVE-2025-26685 is an improper authentication vulnerability affecting Microsoft Defender for Identity. It allows an unauthorized attacker on an adjacent network to perform spoofing. Specifically, an unauthenticated attacker with local network access can coerce and capture the Net-NTLM hash of the Directory Service Account (DSA) associated with the MDI sensor. This vulnerability abuses the Lateral Movement Paths (LMPs) feature. By initiating a connection to a Domain Controller, an attacker can trigger the MDI sensor to authenticate and query the attacker's system for members of the Local Administrators group. This can lead to the attacker gathering information about the domain and potentially escalating privileges in Active Directory environments.
- Description: Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.
- Source: secure@microsoft.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 6.5
- Impact score: 3.6
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: MEDIUM
- secure@microsoft.com: CWE-287
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 8
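On CVE-2025-26685, a privilege escalation vulnerability in AD environments in the Microsoft Defender for Identity sensor. By impersonating a target system and manipulating the SAM-R protocol, MDI can be made to authenticate to the attacker's machine. NetNTLM hash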
@__kokumoto
15 Jun 2025
1177 Impressions
4 Retweets
8 Likes
6 Bookmarks
0 Replies
0 Quotes
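NetSPI reported the vulnerability CVE-2025-26685 in Microsoft Defender for Identity (MDI). It is difficult to exploit on its own, but combining it with other vulnerabilities makes privilege escalation to Active Directory possible. In this vulnerability, the MDI sensor SA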
@yousukezan
15 Jun 2025
806 Impressions
0 Retweets
4 Likes
1 Bookmark
1 Reply
0 Quotes
A spoofing flaw (CVE-2025-26685) in Microsoft Defender for Identity, combined with other vulnerabilities, enables unauthenticated privilege escalation to Active Directory. #MicrosoftDefender #MDI #Cybersecurity #PrivilegeEscalation #ActiveDirectory https://t.co/gVH04Mzc2r
@the_yellow_fall
15 Jun 2025
333 Impressions
0 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
🗣️ Microsoft Defender for Identity Flaw (CVE-2025-26685) Allows Unauthenticated Privilege Escalation https://t.co/mO6dVjbf8V
@fridaysecurity
15 Jun 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new Microsoft Defender flaw (CVE-2025-26685) allows attackers to obtain Net-NTLM hashes and escalate privileges via Lateral Movement Paths and SMB null sessions. Proper sensor migration is crucial. 🔐 #CyberAlert #WindowsSecurity #US https://t.co/AbNGcaqXl8
@TweetThreatNews
14 Jun 2025
95 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26685 lets attackers spoof Microsoft Defender & grab NTLM hashes via Lateral Movement Paths, leading to AD compromise. 👀 Unauthenticated. Local. Dangerous. At Paxion Cyber, we secure infrastructure with advanced detection & protocol hardening. #Cybersecurity
@PaxionCyber
13 Jun 2025
36 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A spoofing vulnerability in Microsoft Defender for Identity (CVE-2025-26685) allows attackers to capture Net-NTLM hashes of Directory Service Accounts, enabling privilege escalation in Active Directory environments. 🚨 #CVE2025 #Microsoft #USA https://t.co/DEXTLgJILR
@TweetThreatNews
12 Jun 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
While the fix has been out for about a month, Joshua at @NetSPI just released a blog outlining an interesting issue (CVE-2025-26685) that he found with Microsoft Defender for Identity - https://t.co/4CGM2VAeJq
@kfosaaen
12 Jun 2025
891 Impressions
5 Retweets
7 Likes
5 Bookmarks
0 Replies
0 Quotes
Microsoft Defender for Identity vulnerability (CVE-2025-26685) allows unauthenticated attackers to capture Net-NTLM hashes and potentially gain AD access. Security tools can become attack vectors - understanding this risk is crucial: https://t.co/mQGrn7tDNo https://t.co/tGYjBPsXf
@NetSPI
12 Jun 2025
319 Impressions
2 Retweets
4 Likes
3 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26685
@transilienceai
27 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26685
@transilienceai
19 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26685
@transilienceai
16 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26685
@transilienceai
16 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-26685 Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network. https://t.co/W8MZUffGaW
@CVEnew
13 May 2025
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:defender_for_identity:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8FA2658-B73C-4350-B0E4-4567CAD3DAF7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]