CVE-2026-25177
Published: 10 March 2026
Summary
CVE-2026-25177 is a high-severity Improper Restriction of Names for Files and Other Resources (CWE-641) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 34.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-25177 is a vulnerability in Active Directory Domain Services stemming from improper restriction of names for files and other resources, classified under CWE-641. It affects Microsoft Active Directory Domain Services, enabling an authorized attacker to elevate privileges over a network. The issue received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low complexity, and significant impacts on confidentiality, integrity, and availability.
An attacker with low privileges, such as an authenticated domain user, can exploit this vulnerability remotely without user interaction. Successful exploitation allows privilege escalation, potentially granting higher-level access within the Active Directory environment and compromising the domain's security.
Microsoft's Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25177 provides details on mitigation strategies and available patches for addressing the vulnerability. Security practitioners should review the update guide promptly to apply relevant fixes.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10647
Vulnerability details
Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability description explicitly states that an authenticated domain user can remotely exploit improper resource name restrictions in Active Directory Domain Services to achieve privilege escalation (CVSS impacts on C/I/A), which directly maps to the definition and use of T1068 Exploitation for Privilege Escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the CVE by requiring timely identification, reporting, and remediation of software flaws like improper resource name restrictions in Active Directory Domain Services.
Mandates information input validation at entry points, directly countering the improper restriction of names for files and resources that enables privilege escalation.
Enforces least privilege to limit low-privileged domain users' ability to exploit the naming vulnerability for escalation.