Cyber Resilience

CVE-2025-53779

High

Published: 12 August 2025

Published
12 August 2025
Modified
18 August 2025
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0623 91.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-53779 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Microsoft Windows Server 2025. Its CVSS base score is 7.2 (High).

Operationally, ranked in the top 8.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability CVE-2025-53779 is a relative path traversal flaw, tracked under CWE-23, that resides in the Windows Kerberos component. It carries a CVSS 3.1 base score of 7.2 with network attack vector, low complexity, and high-privilege requirements.

An authorized attacker can exploit the issue remotely to elevate privileges on the target system, resulting in high impact to confidentiality, integrity, and availability.

Microsoft has published an advisory for the vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53779. The EPSS score remains flat at 0.0623 with no material increase observed after disclosure.

EU & UK References

Vulnerability details

Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows server 2025
≤ 10.0.26100.4851

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References