Denial of Service Vulnerability in Windows LDAP by Microsoft
CVE-2025-26673

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
8 April 2025

Summary

An uncontrolled resource consumption vulnerability has been identified in Windows LDAP, a component integral to directory services. This flaw allows unauthorized attackers to exploit the protocol, potentially leading to a denial of service scenario over the network. Successful exploitation may result in the targeted system becoming unresponsive due to excessive resource utilization, impacting availability and functionality. It's crucial for users to be aware of this vulnerability and apply necessary mitigations to protect their systems.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20978

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7970

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7137

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.