CVE-2025-26673

Q: What is the severity of CVE-2025-26673?

CVE-2025-26673 has a CVSS score of 7.5 (HIGH). This vulnerability allows an unauthorized attacker to cause a denial of service (DoS) on Windows systems by exploiting uncontrolled resource consumption in the LDAP service. Attackers can send specially crafted requests that exhaust system resources, making LDAP services unavailable. All Windows systems running vulnerable LDAP implementations are affected.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows an unauthorized attacker to cause a denial of service (DoS) on Windows systems by exploiting uncontrolled resource consumption in the LDAP service. Attackers can send specially crafted requests that exhaust system resources, making LDAP services unavailable. All Windows systems running vulnerable LDAP implementations are affected.

💻 Affected Systems

Products:

Windows LDAP implementation

Versions: Specific Windows versions as listed in Microsoft advisory

Operating Systems: Windows Server, Windows Client versions with LDAP services

Default Config Vulnerable: ⚠️ Yes

Notes: Systems with LDAP services enabled and exposed to network are vulnerable. Domain controllers and systems using LDAP for authentication are particularly at risk.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete LDAP service outage across the network, preventing authentication, directory lookups, and other LDAP-dependent services, potentially causing widespread operational disruption.

🟠

Likely Case

Targeted LDAP service degradation or outage affecting specific servers, disrupting authentication and directory services for dependent applications.

🟢

If Mitigated

Limited impact with proper network segmentation and rate limiting, potentially causing temporary performance degradation but not complete service failure.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability requires network access to LDAP services but no authentication. Exploitation involves sending resource-intensive LDAP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26673

Restart Required: Yes

Instructions:

1. Review Microsoft Security Update Guide for affected versions. 2. Download and install the appropriate security update from Windows Update or Microsoft Update Catalog. 3. Restart affected systems as required.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to LDAP services to only trusted sources using firewalls or network security groups.

Rate Limiting

all

Implement network-level rate limiting for LDAP traffic to prevent resource exhaustion attacks.

🧯 If You Can't Patch

Implement strict network access controls to limit LDAP exposure to only necessary systems
Monitor LDAP service performance and resource usage for signs of attack

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for the specific security update KB number mentioned in Microsoft advisory

Check Version:

wmic os get version, buildnumber, csdversion

Verify Fix Applied:

Verify the security update is installed via Windows Update history or by checking system version

📡 Detection & Monitoring

Log Indicators:

Unusual LDAP request patterns
High LDAP service resource usage
LDAP service failures or restarts

Network Indicators:

High volume of LDAP requests from single sources
Unusual LDAP query patterns

SIEM Query:

source="windows" AND (event_id=4625 OR event_id=4771) AND ldap* | stats count by src_ip dest_ip

📊 Metadata

CVE ID: CVE-2025-26673

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

EPSS Score: 46.17% exploit probability (97.6th percentile)

Published: April 8, 2025

Last Updated: July 9, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26673 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

Windows Server 2025 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Rate Limiting

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities