NTLM Hash Disclosure Spoofing Vulnerability in Microsoft Products
CVE-2025-21377

6.5MEDIUM

Key Information:

Vendor
Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
11 February 2025

Badges

📰 News Worthy

What is CVE-2025-21377?

CVE-2025-21377 is a vulnerability identified in Microsoft products, specifically relating to NTLM (Windows NT LAN Manager) hash disclosure spoofing. This vulnerability enables attackers to potentially manipulate NTLM hash values, which can lead to unauthorized access and escalation of privileges within affected systems. As NTLM is widely used for authentication in Windows environments, this issue could have serious implications for organizations relying on Microsoft products for secure access control, paving the way for data breaches and unauthorized system modifications.

Technical Details

The vulnerability arises from a flaw in the implementation of NTLM hashing mechanisms in Microsoft software. Attackers can exploit this weakness to spoof identity and gain unauthorized access by disclosing sensitive NTLM hash information. This technical oversight in handling authentication tokens may allow adversaries to impersonate legitimate users or escalate their access rights without detection. Microsoft has acknowledged this flaw, but no known exploitations in the wild have been noted as of the latest updates.

Potential Impact of CVE-2025-21377

  1. Unauthorized Access: Exploitation of CVE-2025-21377 can lead to attackers gaining unauthorized access to systems and data, compromising the integrity and confidentiality of sensitive information.

  2. Privilege Escalation: Attackers can leverage this vulnerability to escalate their privileges within the network, allowing them to perform actions typically restricted to higher-level users, which may lead to significant security breaches.

  3. Data Breaches: The ability to spoof NTLM hashes increases the risk of data breaches, leading to potential financial loss, legal liabilities, and trust erosion among clients and stakeholders.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20915

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7785

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6893

News Articles

favicon imageKrebs on Security

Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by Krebs on Security

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-21377 : NTLM Hash Disclosure Spoofing Vulnerability in Microsoft Products | SecurityVulnerability.io