CVE-2025-26670
Published: 08 April 2025
Summary
CVE-2025-26670 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.1 (High).
Operationally, it ranks in the top 20.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2025-26670 is a use-after-free vulnerability in the Windows implementation of LDAP (Lightweight Directory Access Protocol). The flaw is tracked under CWE-416 and carries a CVSS 3.1 base score of 8.1, reflecting a network attack vector with high attack complexity but no required privileges or user interaction.
An unauthenticated attacker can send specially crafted LDAP traffic over the network to trigger the flaw, resulting in arbitrary code execution on the target system with full confidentiality, integrity, and availability impact.
The official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26670 provides patch information and mitigation guidance for affected Windows versions.
EPSS scores remain low, with a current value of 0.0118 and a peak of 0.0155.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-10213
Vulnerability details
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Use-after-free exploits that aim for arbitrary code execution are blocked or made significantly harder by non-executable pages and ASLR.