AI description
CVE-2025-21293 is an elevation of privilege vulnerability in Microsoft Active Directory Domain Services. It allows attackers to gain elevated privileges on a system where they already have user-level access. The vulnerability stems from overly permissive access control lists (ACLs) associated with certain registry keys. Specifically, the "Network Configuration Operators" group has the "CreateSubKey" permission on sensitive registry keys. Exploitation of this vulnerability involves manipulating these registry keys, particularly those related to performance counters, to escalate privileges. This vulnerability was discovered by BirkeP while investigating the "Network Configuration Operators" group and its permissions within the registry. The researcher collaborated with Clément Labro, who developed a method to weaponize performance counters for exploitation.
- Description
- Active Directory Domain Services Elevation of Privilege Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-284
- nvd@nist.gov
- NVD-CWE-noinfo
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
6
⚠️ PoC exploit released for CVE-2025-21293! ⚠️ A critical privilege escalation vulnerability in Active Directory Domain Services allows attackers to gain SYSTEM-level access. Immediate patching is advised! 🔗 Read more: https://t.co/RInw98C4iX #CyberSecurity #Infosec… https://
@arunpratap786
4 Feb 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2025-21293) in Active Directory could allow privilege escalation to SYSTEM. Discovered by Sebastian Sadeq Birke, organizations should apply the security patch ASAP. 🔒 #ActiveDirectory #Vulnerability #Germany link: https://t.co/aXjAzWl0XL https://t.
@TweetThreatNews
4 Feb 2025
81 Impressions
0 Retweets
0 Likes
1 Bookmark
1 Reply
0 Quotes
Active Directory Domain Servicesの特権昇格脆弱性「CVE-2025-21293」が公開され、PoCコードも確認された。この脆弱性は「Network Configuration Operators」グループの過剰な権限設定が原因で、攻撃者はSYSTEM権限を取得可能。 https://t.co/dEPF3iQiS4
@01ra66it
4 Feb 2025
1697 Impressions
4 Retweets
38 Likes
13 Bookmarks
0 Replies
0 Quotes
Privilege Escalation in Active Directory Domain Services: CVE-2025-21293 Exploit Revealed with PoC Code https://t.co/Pa6sgy5j0N
@Dinosn
4 Feb 2025
12626 Impressions
87 Retweets
271 Likes
126 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-57514: XSS in TP-Link A20 v3 Router - https://t.co/HA0f0sLlHa 2. CVE-2025-21293: AD Domain Services EoP - https://t.co/AwLqPE5vYQ 3. CVE-2025-24118: macOS XNU kernel vulnerability - https://t.co/igtmkN1Gac 4. CVE-2024-8381: SpiderMonkey Interpreter Type… h
@ksg93rd
3 Feb 2025
244 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293) CVSS 8.8 Microsoft has released a crucial security patch to address CVE-2025-21293 in Jan 2025 patch Tuesday. This vulnerability was discovered by Sebastian Birke from ReTest Security during a
@RedHatPentester
3 Feb 2025
1431 Impressions
11 Retweets
47 Likes
11 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-56529 2 - CVE-2025-0950 3 - CVE-2025-24118 4 - CVE-2025-21293 5 - CVE-2024-43707 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
3 Feb 2025
21 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293) CVSS 8.8 I have added a custom DefenderXDR detection for this vulnerability for SecOps monitoring until infrastructure team able to patch this CVE. 🫡 https://t.co/AEjNrbHtii
@0x534c
2 Feb 2025
14780 Impressions
33 Retweets
190 Likes
217 Bookmarks
2 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-21298 2 - CVE-2025-24118 3 - CVE-2024-57727 4 - CVE-2025-24883 5 - CVE-2025-21293 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
1 Feb 2025
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293) via @itm4n #infosec https://t.co/ppV6SnvihL
@dacbarbos
31 Jan 2025
543 Impressions
3 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "D5C2C390-24E9-42C9-84BF-EE28670CAB30",
"versionEndExcluding": "10.0.10240.20890"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "C0B9C790-A26D-4EBD-B5CA-F0C628835A21",
"versionEndExcluding": "10.0.10240.20890"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "DE0F44E5-40C1-4BE3-BBA4-507564182682",
"versionEndExcluding": "10.0.14393.7699"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "83F40BB6-BBAE-4CD4-A5FE-1DAF690101AB",
"versionEndExcluding": "10.0.14393.7699"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "1BB028F9-A802-40C7-97BF-1D169291678F",
"versionEndExcluding": "10.0.17763.6775"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "9F077951-8177-4FEE-A49A-76E51AE48CE0",
"versionEndExcluding": "10.0.17763.6775"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D64D2C7-51C3-47EB-B86E-75172846F4DF",
"versionEndExcluding": "10.0.19044.5371"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC92CC57-B18C-43C3-8180-9A2108407433",
"versionEndExcluding": "10.0.19045.5371"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D84EDF98-16E1-412A-9879-2C2FEF87FB2B",
"versionEndExcluding": "10.0.22621.4751"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "282E3839-E953-4B14-A860-DBACC1E99AFF",
"versionEndExcluding": "10.0.22631.4751"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78A3F671-95DC-442A-A511-1E875DF93546",
"versionEndExcluding": "10.0.26100.2894"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA4426DD-B748-4CC4-AC68-88AD963E5F0C",
"versionEndExcluding": "10.0.14393.7699"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F604C79-6A12-44C9-B69D-A2E323641079",
"versionEndExcluding": "10.0.17763.6775"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B8C9C82-359E-4318-A10D-AA47CDFB38FE",
"versionEndExcluding": "10.0.20348.3091"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3E0C061-2DA7-4237-9607-F6792DC92DD3",
"versionEndExcluding": "10.0.25398.1369"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2CFD18D5-3C1F-4E3A-A143-EE3F1FFBB880",
"versionEndExcluding": "10.0.26100.2894"
}
],
"operator": "OR"
}
]
}
]