AI description
CVE-2025-29809 is a security vulnerability affecting Windows Kerberos. It stems from the insecure storage of sensitive information, which could allow an authorized attacker to bypass security features locally. Successful exploitation of this vulnerability could allow a local attacker to leak Kerberos credentials. If Virtualization-Based Security (VBS) is in use, redeployment with an updated policy may be necessary after patching.
- Description
- Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
- Source
- secure@microsoft.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.1
- Impact score
- 5.2
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
- secure@microsoft.com
- CWE-922
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
27
Microsoft patched critical vulnerabilities (CVE-2025-21299, CVE-2025-29809) in Q1 2025. NetSPI research reveals Kerberos canonicalization bypasses Hyper-V isolation of credentials, compromising Windows security. Read the full article: https://t.co/VW67Jri6ve https://t.co/Nh3YD
@NetSPI
16 Apr 2025
13116 Impressions
29 Retweets
61 Likes
22 Bookmarks
0 Replies
2 Quotes
اگر Active Directory داری ، سریع باش. به تازگی برای پروتکل kerberos در اکتیو دایرکتوری ویندوز ، آسیب پذیری خطرناکی با کد شناسایی CVE-2025-29809 منتشر شده است که به هکرها امکان دور زدن و bypass کردن مکانیزم ها و فیچر های امنیتی را می دهد. https://t.co/Poz3aKY03t https://t.co/wNnm
@AmirHossein_sec
11 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Urgent : Mise à jour de sécurité Windows ! Une faille critique (CVE-2025-29809) dans Kerberos (Windows) permet le vol d'identifiants. 🔓 Risque : Contournement des protections + accès réseau non autorisé 🛡️Solution : Installez VITE la mise à jour d'avril 2025! https://t.co/
@ecsi_maroc
10 Apr 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft patches critical Windows Kerberos vulnerability (CVE-2025-29809) allowing security feature bypass and credential access. Apply updates promptly to secure your systems. #CyberSecurity #Windows #Kerberos https://t.co/rDWfTWFwXy
@dailytechonx
9 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-29809: Kerberos strikes again. Local attackers w/ low privs can bypass Defender Credential Guard & leak creds via insecure storage. No UI, low complexity. Patch dropped, but some Win10 boxes still waiting. Credential theft = lateral movement gold. https://t.co/9pfcMJ
@CareWeDoNot
9 Apr 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
マイクロソフトは、WindowsのKerberosに存在する重大な脆弱性(CVE-2025-29809)へのパッチを2025年4月の「Patch Tuesday」で公開した。 この脆弱性は、認証情報の不適切な保存により、攻撃者がWindows Defender Credential Guardを回避し、Kerberos認証情報を漏洩させる可能性があるものである。
@yousukezan
9 Apr 2025
698 Impressions
2 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-29809 Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. https://t.co/0hWDIrQIqu
@CVEnew
8 Apr 2025
158 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes