Platform
windows
Component
windows-kerberos
Opgelost in
10.0.26100.4946
10.0.26100.4946
CVE-2025-53779 describes a relative path traversal vulnerability discovered in Windows Kerberos. This flaw allows an authenticated attacker to potentially escalate their privileges within a network environment. The vulnerability impacts Windows versions 10.0.26100.0 through 10.0.26100.4946. Microsoft has released a security update to address this issue.
The path traversal vulnerability in Windows Kerberos allows an attacker who has already gained some level of access to the system to manipulate file paths. By crafting malicious requests, an attacker can potentially access files and directories outside of the intended scope, leading to privilege escalation. This could enable an attacker to read sensitive configuration files, modify system settings, or even execute arbitrary code with elevated privileges. The impact is particularly severe in domain environments where an attacker could leverage this vulnerability to compromise other systems and gain broader network access. Successful exploitation could lead to data breaches, system disruption, and complete compromise of the affected network.
CVE-2025-53779 was published on August 12, 2025. As of this date, there are no publicly available proof-of-concept exploits. The vulnerability is not currently listed on the CISA KEV catalog. The EPSS score is pending evaluation. Active campaigns exploiting this vulnerability are not currently known.
Organizations heavily reliant on Kerberos authentication, particularly those with legacy systems or complex domain configurations, are at higher risk. Environments with weak access controls or insufficient network segmentation are also more vulnerable. Systems with outdated Kerberos configurations or those that have not been regularly patched are particularly susceptible to exploitation.
• windows / supply-chain:
Get-WinEvent -LogName Security -Filter "EventID = 4625 -MessageText '*\\'"• windows / supply-chain:
Get-Process | Where-Object {$_.Path -match '\\'} | Select-Object Name, Path• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.Actions.Path -match '\\'} | Select-Object TaskName, Actions.Pathdisclosure
Exploit Status
EPSS
0.45% (64% percentiel)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2025-53779 is to upgrade affected Windows systems to version 10.0.26100.4946 or later, which includes the security fix. If immediate patching is not possible, consider implementing network segmentation to limit the potential blast radius of a successful attack. Review and restrict Kerberos authentication configurations to minimize the attack surface. Monitor network traffic for unusual file access patterns that might indicate exploitation attempts. While a direct WAF rule is unlikely, implementing strict access controls and monitoring Kerberos authentication events can help detect suspicious activity.
Aplique la actualización de seguridad proporcionada por Microsoft para Windows Server 2025. La actualización corrige la vulnerabilidad de elevación de privilegios en Kerberos.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2025-53779 is a path traversal vulnerability in Windows Kerberos allowing an authenticated attacker to elevate privileges. It affects versions 10.0.26100.0 through 10.0.26100.4946 and has a CVSS score of 7.2 (HIGH).
If you are running Windows versions 10.0.26100.0 to 10.0.26100.4946 and utilize Kerberos authentication, you are potentially affected by this vulnerability. Check your system versions against the affected range.
The recommended fix is to upgrade to Windows version 10.0.26100.4946 or later. If immediate patching is not possible, implement network segmentation and review Kerberos configurations.
As of August 12, 2025, there are no confirmed reports of active exploitation of CVE-2025-53779. However, the vulnerability is publicly known and could be targeted in the future.
Refer to the official Microsoft Security Update Guide for CVE-2025-53779 when it is published. Check the Microsoft Security Response Center website for updates.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.