Cyber Posture

CVE-2025-54918

Severity: High
Published: 09 September 2025
Modified: 02 October 2025
KEV Added: not listed
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (41.1st percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-54918 is a high-severity Improper Authentication (CWE-287) vulnerability in Windows NTLM. It affects Windows client and server releases from Windows 10 1507 and Windows Server 2008 onward (see Affected Products), not a single product. Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score places it at the 41.1st percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and IA-2 (Identification and Authentication (Organizational Users)).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated mapping]

Vendor patch (prevent): Directly remediates the improper authentication flaw in Windows NTLM by applying vendor security patches.

CM-6 Configuration Settings (prevent): Enforces configuration settings to disable or restrict vulnerable NTLM authentication usage over the network.

IA-2 Identification and Authentication (Organizational Users) (prevent): Requires identification and authentication for organizational users using mechanisms that avoid the flawed NTLM protocol.
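As an added example (not from this page, and not Microsoft tooling), the following PowerShell script checks the first two controls above on a single host. It compares the host's build against the "≤ ceiling" values this page lists under Affected Products, reports the registry-backed "Network security: Restrict NTLM" and "LAN Manager authentication level" settings that implement CM-6, and includes an audit-only helper for the first rollout step. The function names and the $AffectedCeiling table are assumptions of the example; the registry paths and cmdlets are standard Windows ones. The build table covers only the versions for which the page gives a build number, so Windows Server 2008/2012 hosts fall through to the MSRC advisory.

```powershell
# Added example, not part of the advisory or of any Microsoft tooling.
# Two checks for CVE-2025-54918 on one Windows host, run from an elevated
# PowerShell session:
#   1. Is the OS build still within the "<= ceiling" ranges this page lists
#      under Affected Products?  (vendor-patch control)
#   2. Which NTLM restriction settings are in force?  (CM-6 control)
# Build ceilings are copied from this page. The registry values below are the
# documented storage locations of the "Network security: LAN Manager
# authentication level" and "Network security: Restrict NTLM" policies.

# Highest build listed as affected on this page, keyed by CurrentBuildNumber.
# (Assumption of the example: the page's "<=" is taken literally, so a host
# exactly at the ceiling is reported as affected.)
$AffectedCeiling = @{
    '10240' = 21128   # windows 10 1507
    '14393' = 8422    # windows 10 1607
    '17763' = 7792    # windows 10 1809
    '19044' = 6332    # windows 10 21h2
    '19045' = 6332    # windows 10 22h2
    '22621' = 5909    # windows 11 22h2
    '22631' = 5909    # windows 11 23h2
    '26100' = 6508    # windows 11 24h2
}

function Test-AffectedBuild {
    # Returns a one-line verdict for the given CurrentBuildNumber / UBR pair.
    param([string]$Build, [int]$Ubr)
    if (-not $AffectedCeiling.ContainsKey($Build)) {
        return "build $Build.$Ubr is not in this page's table; consult the MSRC advisory"
    }
    $ceiling = $AffectedCeiling[$Build]
    if ($Ubr -le $ceiling) {
        return "AFFECTED: $Build.$Ubr is at or below $Build.$ceiling; install the vendor update"
    }
    return "patched: $Build.$Ubr is above the affected ceiling $Build.$ceiling"
}

function Get-NtlmRestrictionState {
    # One row per policy-backed value. "Want" is the most restrictive setting.
    # A missing value means the policy was never configured; NTLM is then
    # allowed in both directions on every Windows version listed on this page.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $msv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $rows = @(
        @{ Name = 'LmCompatibilityLevel';         Value = $lsa.LmCompatibilityLevel;         Want = 5; Meaning = '5 = send NTLMv2 only, refuse LM and NTLM' }
        @{ Name = 'RestrictSendingNTLMTraffic';   Value = $msv.RestrictSendingNTLMTraffic;   Want = 2; Meaning = '1 = audit, 2 = deny outgoing NTLM to remote servers' }
        @{ Name = 'RestrictReceivingNTLMTraffic'; Value = $msv.RestrictReceivingNTLMTraffic; Want = 2; Meaning = '1 = deny domain accounts, 2 = deny all incoming NTLM' }
        @{ Name = 'AuditReceivingNTLMTraffic';    Value = $msv.AuditReceivingNTLMTraffic;    Want = 2; Meaning = '1 = audit domain accounts, 2 = audit all incoming NTLM' }
    )
    foreach ($r in $rows) {
        $state = if ($null -eq $r.Value)       { 'not configured' }
                 elseif ($r.Value -ge $r.Want) { 'restricted' }
                 else                          { 'permissive' }
        [pscustomobject]@{ Setting = $r.Name; Value = $r.Value; State = $state; Meaning = $r.Meaning }
    }
}

function Enable-NtlmAudit {
    # First step of the CM-6 rollout: audit without blocking anything, then
    # review Microsoft-Windows-NTLM/Operational before moving to "deny".
    # In a domain, push the same values through Group Policy instead of
    # writing the registry on each host.
    $msv = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    Set-ItemProperty -Path $msv -Name 'RestrictSendingNTLMTraffic' -Value 1 -Type DWord
    Set-ItemProperty -Path $msv -Name 'AuditReceivingNTLMTraffic'  -Value 2 -Type DWord
}

# --- run the checks ---
$ver = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
Write-Output (Test-AffectedBuild -Build $ver.CurrentBuildNumber -Ubr $ver.UBR)
Get-NtlmRestrictionState | Format-Table -AutoSize

# Most recent NTLM audit events, if auditing is already on. A steady stream
# of legitimate NTLM use here is the reason not to jump straight to "deny".
Get-WinEvent -LogName 'Microsoft-Windows-NTLM/Operational' -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap
```

Treat the build check as a quick triage, not as proof of patch state: a host whose build is above the ceiling but was never rebooted after the update, or one on a version outside the table, still needs confirmation against the MSRC advisory. Denying NTLM (value 2) breaks anything that still depends on it, which is why the helper only enables auditing; the deny settings belong in Group Policy after the audit log has been reviewed.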

MITRE ATT&CK Enterprise Techniques [AI-generated mapping]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Improper NTLM authentication enables network-based credential validation bypass by low-privileged attackers, directly facilitating privilege escalation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.

Deeper analysis [AI-generated]

CVE-2025-54918 is an improper authentication vulnerability (CWE-287) in the Windows NTLM authentication protocol, published on 2025-09-09. It affects Windows systems that rely on NTLM for network authentication, enabling an authorized attacker to bypass proper credential validation.

The vulnerability can be exploited by an attacker with low privileges (PR:L) over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation allows privilege escalation, resulting in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an overall CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Microsoft's advisory provides guidance on mitigation and patching; see https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54918 for details.

Details

CWE(s): CWE-287 Improper Authentication

Affected Products

microsoft windows 10 1507        ≤ 10.0.10240.21128
microsoft windows 10 1607        ≤ 10.0.14393.8422
microsoft windows 10 1809        ≤ 10.0.17763.7792
microsoft windows 10 21h2        ≤ 10.0.19044.6332
microsoft windows 10 22h2        ≤ 10.0.19045.6332
microsoft windows 11 22h2        ≤ 10.0.22621.5909
microsoft windows 11 23h2        ≤ 10.0.22631.5909
microsoft windows 11 24h2        ≤ 10.0.26100.6508
microsoft windows server 2008    all versions, including R2
microsoft windows server 2012    all versions, including R2
+5 more product configuration(s); see NVD for the full list

CVEs Like This One

CVE-2025-53778 (same product: Microsoft Windows 10 1507)
CVE-2026-24294 (same product: Microsoft Windows 10 1607)
CVE-2026-26128 (same product: Microsoft Windows 10 1607)
CVE-2025-21359 (same product: Microsoft Windows 10 1507)
CVE-2025-24072 (same product: Microsoft Windows 10 1507)
CVE-2025-21419 (same product: Microsoft Windows 10 1507)
CVE-2025-21287 (same product: Microsoft Windows 10 1507)
CVE-2025-55234 (same product: Microsoft Windows 10 1507)
CVE-2025-21373 (same product: Microsoft Windows 10 1507)
CVE-2025-21375 (same product: Microsoft Windows 10 1507)
