AI description
CVE-2025-54918 is an improper authentication vulnerability found within the Windows NTLM (NT LAN Manager) protocol. This flaw allows an authorized attacker, who already possesses low-level privileges, to elevate their access over a network. The vulnerability can lead to unauthorized access to sensitive resources, potential execution of arbitrary code with higher privileges, manipulation of system configurations, or disruption of system availability. This vulnerability impacts various versions of Microsoft Windows, including Windows 10, Windows 11, and several Windows Server editions (2008, 2012, 2016, 2019, 2022, and 2025). Specifically, it can affect domain controllers running LDAP or LDAPS services, enabling an attacker to escalate privileges from a standard domain user to SYSTEM level access, potentially compromising entire Active Directory environments. Publicly available proof-of-concept exploits exist for this vulnerability.
- Description
- Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-287
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
14
Lots of recent posts on NTLM reflection → AD compromise. To be clear: real fix is CVE-2025-54918, not CVE-2025-33073. Until Oct 2025, any user could own a 2025 domain if DCs ran Print Spooler. https://t.co/6098AHxhYM
@decoder_it
21 Jan 2026
9363 Impressions
45 Retweets
162 Likes
122 Bookmarks
0 Replies
0 Quotes
Small update on "printerbugnew:" added a description of how to exploit CVE-2025-54918: DCs running 2025 allow reflection RPC->LDAPS - from a standard user to DA before patch😃 https://t.co/MWXfrkZBev
@decoder_it
28 Oct 2025
8803 Impressions
46 Retweets
178 Likes
87 Bookmarks
0 Replies
0 Quotes
في سبتمبر 2025، أصدرت مايكروسوفت تحديثات أمنية ل80+ ثغرة في برامجها، والأنباء الجيدة أنها لم تُستغل بعد. من بين الثغرات المهمة CVE-2025-54918، المتعلق بنظام NTLM. تُن
@Cybereayn
18 Sept 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 Patch Tuesday de septembre 2025 : Microsoft corrige 80+ vulnérabilités, aucune n’est exploitée activement. Cependant, certaines comme CVE-2025-54918 et CVE-2025-54912 méritent votre attention. Avez-vous mis à jour vos systèmes récemment ? #cybersécurité #cyberséc
@CyberSentinelle
18 Sept 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Among the vulnerabilities, CVE-2025-54918 (NTLM Elevation of Privilege) and CVE-2025-54916 (NTFS Remote Code Execution) stand out. Both are marked as 'Exploitation More Likely.' #RiskManagement
@Cyb3r_5wift
9 Sept 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "3C02B817-7D1B-4E29-B9D4-4858F5B870F4",
"versionEndExcluding": "10.0.10240.21128"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "6F5077FC-74E8-4534-9E8E-68BB5DC4C331",
"versionEndExcluding": "10.0.10240.21128"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "CCF6CD9B-8B61-4998-8AB1-98022B96627C",
"versionEndExcluding": "10.0.14393.8422"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "B959975A-0845-4975-987B-33BCE5C5F1BB",
"versionEndExcluding": "10.0.14393.8422"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "DAD249FB-512C-4712-A54C-67283AB359A4",
"versionEndExcluding": "10.0.17763.7792"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "01360CEA-14B5-4566-84ED-D785BD98C78D",
"versionEndExcluding": "10.0.17763.7792"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A6EFA39-1D7C-4663-A412-AA6802FB27E8",
"versionEndExcluding": "10.0.19044.6332"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45F6F341-FC2F-4629-8259-C5F8CC8E2EB3",
"versionEndExcluding": "10.0.19045.6332"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86480500-CDA6-4F8F-9B8C-F3FC77B15F67",
"versionEndExcluding": "10.0.22621.5909"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A6C6080-3904-45F2-897E-F6583DB4A70A",
"versionEndExcluding": "10.0.22631.5909"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E1B4513-36E7-4DCD-96B3-A56184D37C87",
"versionEndExcluding": "10.0.26100.6508"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "705F2D9A-DBA3-45A9-B11E-EBE1E98E43E0",
"versionEndExcluding": "10.0.14393.8422"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07163682-D393-40AF-BEDD-CDD996C941ED",
"versionEndExcluding": "10.0.17763.7792"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFE7D988-2ABE-4833-AFEB-90926E10B8EB",
"versionEndExcluding": "10.0.20348.4106"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "986B3446-8F5A-4D4C-A240-7052ED135E5B",
"versionEndExcluding": "10.0.25398.1849"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7DF196D-36BE-4A48-844E-E1D8405A9E1A",
"versionEndExcluding": "10.0.26100.6508"
}
],
"operator": "OR"
}
]
}
]