CVE-2025-21293 Active Directory Domain Services Elevation of Privilege Vulnerability

Sky-Knight

Anyone with 2012 or older DCs left in their environment, this bug means AD may as well not exist.


Also, to be clear, the CVE talks about AD, but it's actually a bug with the permissions associated with the Network Configuration Operators Group. This is a default group on all Windows systems, and this situation allows for an escalation to System privileges, and from there to root.

Picus has a solid write up on it: https://www.picussecurity.com/resou...rvices-cve-2025-21293-vulnerability-explained

But the super short version is, any Windows systems that are not patched as of Feb 2025 are vulnerable in such a way as to invalidate any user access controls at all.

Please, patch your stuff.
Please alert your customers.
Yes, my SOC is seeing this exploited in the wild.

Note: There is an update roll up for Windows Server 2012, but you have to be enrolled in ESU to get it.
 
Sounds like the user already needs to be a member of Network Configuration Operators in order to exploit it.
 
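An added audit script for the two points raised in this thread (my own, not from the poster or the Picus write-up): which accounts currently hold Network Configuration Operators on a host, and whether the host has any update newer than the February 2025 cutoff the first post refers to. Assumptions: the cutoff is taken as 2025-02-01 from the wording "patched as of Feb 2025", and Get-HotFix sees the installed cumulative update.

```powershell
# Added audit script, not from the thread or the Picus write-up.
# ASSUMPTION: "patched as of Feb 2025" in the post is read as: any update
# installed on or after 2025-02-01 counts as carrying the fix.
$Cutoff = Get-Date '2025-02-01'

function Get-LatestUpdateDate {
    # Get-HotFix reports the servicing stack's installed updates; InstalledOn
    # can be empty for some entries, so those are dropped before sorting.
    $dates = Get-HotFix | Where-Object { $_.InstalledOn } |
             Select-Object -ExpandProperty InstalledOn
    if ($dates) { $dates | Sort-Object -Descending | Select-Object -First 1 } else { $null }
}

function Get-NetConfigOperatorMembers {
    # The WinNT ADSI provider works on Server 2012 and on domain controllers,
    # where the Get-LocalGroup* cmdlets are unavailable or unreliable.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Network Configuration Operators,group"
    $group.Invoke('Members') | ForEach-Object {
        $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        # ADsPath looks like WinNT://DOMAIN/user; report it as DOMAIN\user.
        ($path -replace '^WinNT://', '') -replace '/', '\'
    }
}

$computer = $env:COMPUTERNAME
$latest   = Get-LatestUpdateDate
$members  = @(Get-NetConfigOperatorMembers)

if ($latest -and $latest -ge $Cutoff) {
    "$computer : latest update $($latest.ToString('yyyy-MM-dd')) is on/after the Feb 2025 cutoff"
} else {
    "$computer : no update on/after Feb 2025 found -> treat as UNPATCHED for CVE-2025-21293"
}
if ($members.Count -gt 0) {
    "$computer : Network Configuration Operators members: $($members -join ', ')"
} else {
    "$computer : Network Configuration Operators has no members"
}
```

Run it through Invoke-Command against the remaining 2012 domain controllers to get one line per host for both checks; a non-empty member list on an unpatched host is the combination to escalate first.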