Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.
Metrics
Affected Vendors & Products
References
History
Fri, 11 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Thu, 10 Jul 2025 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Microsoft
Microsoft windows Server 2008 Microsoft windows Server 2012 Microsoft windows Server 2016 Microsoft windows Server 2019 Microsoft windows Server 2022 Microsoft windows Server 2022 23h2 Microsoft windows Server 2025 |
|
CPEs | cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:* cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Microsoft
Microsoft windows Server 2008 Microsoft windows Server 2012 Microsoft windows Server 2016 Microsoft windows Server 2019 Microsoft windows Server 2022 Microsoft windows Server 2022 23h2 Microsoft windows Server 2025 |
Tue, 08 Apr 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 08 Apr 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network. | |
Title | Active Directory Certificate Services Elevation of Privilege Vulnerability | |
Weaknesses | CWE-1390 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: microsoft
Published: 2025-04-08T17:23:20.626Z
Updated: 2025-06-04T17:52:35.417Z
Reserved: 2025-03-06T04:26:08.552Z
Link: CVE-2025-27740

Updated: 2025-04-08T20:01:40.030Z

Status : Analyzed
Published: 2025-04-08T18:16:02.653
Modified: 2025-07-10T15:08:52.283
Link: CVE-2025-27740

No data.