Cyber Resilience

CVE-2025-53778

High

Published: 12 August 2025

Modified: 17 October 2025
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0214 (84.6th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-53778 is a high-severity Improper Authentication (CWE-287) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 15.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2025-53778 is an improper authentication vulnerability in Windows NTLM, tracked under CWE-287. It affects the NTLM authentication component in Windows and carries a CVSS 3.1 score of 8.8, reflecting network-accessible exploitation with low attack complexity and high impact on confidentiality, integrity, and availability.

An authorized attacker with existing network access can exploit the flaw to elevate privileges, potentially gaining full control over affected systems without user interaction. The attack occurs over the network and does not require the victim to perform any action.

Microsoft has published official guidance through its Security Response Center at the referenced MSRC advisory. Third-party resources also provide detection and mitigation scripts specifically addressing improper authentication in Windows NTLM. The associated EPSS score remains low and unchanged at 0.0214, indicating limited observed exploitation interest to date.

Vulnerability details

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.

CWE(s)

CWE-287: Improper Authentication

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The improper authentication flaw in NTLM directly enables remote privilege escalation from low to high privileges on Windows systems.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-54918 · Same product: Microsoft Windows 10 1507
CVE-2026-24294 · Same product: Microsoft Windows 10 1607
CVE-2026-26128 · Same product: Microsoft Windows 10 1607
CVE-2025-21359 · Same product: Microsoft Windows 10 1507
CVE-2025-21419 · Same product: Microsoft Windows 10 1507
CVE-2025-21287 · Same product: Microsoft Windows 10 1507
CVE-2025-24059 · Same product: Microsoft Windows 10 1507
CVE-2025-55234 · Same product: Microsoft Windows 10 1507
CVE-2025-47986 · Same product: Microsoft Windows 10 1507
CVE-2025-21375 · Same product: Microsoft Windows 10 1507

Affected Assets

microsoft windows 10 1507: ≤ 10.0.10240.21100
microsoft windows 10 1607: ≤ 10.0.14393.8330
microsoft windows 10 1809: ≤ 10.0.17763.7678
microsoft windows 10 21h2: ≤ 10.0.19044.6216
microsoft windows 10 22h2: ≤ 10.0.19045.6216
microsoft windows 11 22h2: ≤ 10.0.22621.5768
microsoft windows 11 23h2: ≤ 10.0.22631.5768
microsoft windows 11 24h2: ≤ 10.0.26100.4851
microsoft windows server 2008: all versions, r2
microsoft windows server 2012: all versions, r2
+5 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Requires timely identification, reporting, and correction of system flaws like the NTLM improper authentication vulnerability through vendor patches and updates.

Prevent: Establishes secure configuration settings to disable or restrict use of the vulnerable NTLM protocol, aligning with provided mitigation scripts.

Prevent: Mandates robust identification and authentication for organizational users over networks, directly countering the improper authentication in Windows NTLM.
