Improper Authentication Vulnerability in Microsoft Defender for Identity
CVE-2025-26685
What is CVE-2025-26685?
A flaw has been identified in Microsoft Defender for Identity where improper authentication mechanisms can be exploited by unauthorized attackers. This vulnerability allows malicious entities to perform spoofing attacks over adjacent networks, potentially compromising sensitive data and system integrity. It is crucial for organizations using Microsoft Defender for Identity to understand the implications of this vulnerability and take necessary precautions to secure their environments.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Microsoft Defender for Identity Unknown
News Articles
ForbesUpdate Windows Now — Microsoft Confirms System Takeover Danger
Microsoft has issued a warning that Windows hackers could gain system privileges using this authentication relay attack — an update is available; apply now.
NetSPICVE-2025-26685CVE-2025-26685 – Spoofing to Elevate Privileges with Microsoft Defender for Identity
Discover how NetSPI uncovered and reported a vulnerability in Microsoft Defender for Identity that allowed unauthenticated attackers to perform spoofing and elevate privileges.
References
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 📰
First article discovered by NetSPI
Vulnerability published
Vulnerability Reserved