Improper Authentication Vulnerability in Windows NTLM by Microsoft
CVE-2025-54918
Key Information:
- Vendor: Microsoft
- CVE Published: 9 September 2025
What is CVE-2025-54918?
CVE-2025-54918 is a notable vulnerability found in the Windows NTLM (NT LAN Manager) authentication protocol developed by Microsoft. This vulnerability manifests as an improper authentication issue, which means that the protocol may not correctly verify the identity of users or systems. When exploited, this flaw enables an authorized attacker to gain elevated privileges, potentially granting them unauthorized access to sensitive information and the ability to perform actions across the network without permission. This can severely compromise the integrity and security of an organization's IT environment.
The implications of such a vulnerability are significant, especially given that many enterprises rely on NTLM for authentication in legacy systems and various Windows environments. An attacker exploiting this vulnerability could manipulate system functions, access restricted data, or navigate through network defenses, posing a serious threat to organizational operations.
Potential impact of CVE-2025-54918
- Privilege Escalation: The primary risk associated with CVE-2025-54918 is the potential for privilege escalation. Unauthorized users can exploit this flaw to elevate their access rights on the network, allowing them to interact with resources normally inaccessible to them. This could lead to unauthorized actions such as data alteration, deletion, or theft.
- Network Compromise: Exploitation of this vulnerability can lead to broader network compromise. An attacker with elevated privileges may move laterally within the network, compromising additional systems and escalating the severity of the attack. This enhances the likelihood of extensive damage across the organization, potentially affecting critical infrastructure.
- Data Breaches: With elevated privileges, attackers could access sensitive organizational data, leading to data breaches. This poses significant compliance and reputational risks for organizations, as sensitive information may be stolen or leaked, impacting customer trust and potentially resulting in financial penalties.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21128
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8422
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7792
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved