Improper Authentication Vulnerability in Microsoft Defender for Identity
CVE-2025-26685

6.5MEDIUM

Key Information:

Vendor

Microsoft
Status
Microsoft Defender For Identity
Vendor
CVE Published:
13 May 2025

Badges

đź‘ľ Exploit Existsđź“° News Worthy

What is CVE-2025-26685?

A flaw has been identified in Microsoft Defender for Identity where improper authentication mechanisms can be exploited by unauthorized attackers. This vulnerability allows malicious entities to perform spoofing attacks over adjacent networks, potentially compromising sensitive data and system integrity. It is crucial for organizations using Microsoft Defender for Identity to understand the implications of this vulnerability and take necessary precautions to secure their environments.

Affected Version(s)

Microsoft Defender for Identity Unknown

News Articles

favicon imageForbes

Update Windows Now — Microsoft Confirms System Takeover Danger

Microsoft has issued a warning that Windows hackers could gain system privileges using this authentication relay attack — an update is available; apply now.

favicon imageNetSPI

CVE-2025-26685 – Spoofing to Elevate Privileges with Microsoft Defender for Identity 

Discover how NetSPI uncovered and reported a vulnerability in Microsoft Defender for Identity that allowed unauthenticated attackers to perform spoofing and elevate privileges.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź‘ľ

    Exploit known to exist

  • đź“°

    First article discovered by NetSPI

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-26685 : Improper Authentication Vulnerability in Microsoft Defender for Identity