FlagThis

A proof-of-concept (PoC) exploit has been released for CVE-2025-21293, a critical elevation of privilege vulnerability affecting Active Directory Domain Services (AD DS). The vulnerability, patched by Microsoft in its January 2025 security update, allows attackers to escalate privileges to SYSTEM. Sebastian Sadeq Birke of ReTest Security ApS discovered and reported the vulnerability. Birke also published the PoC exploit code on his blog to demonstrate the vulnerability's potential impact.

The vulnerability is rooted in Active Directory’s "Network Configuration Operators" group, a default security group created when setting up on-premises domain controllers. This group, intended to grant control over network interfaces without full administrative rights, was found to have excessive privileges, specifically the ability to create registry subkeys for sensitive services. Microsoft addressed this vulnerability in the January security update released on January 14, 2025, and organizations using Active Directory Domain Services are urged to apply the update promptly to mitigate the risk.

ImgSrc: securityonline.info

References:

• Vulnerability Archives ? Cybersecurity News - Privilege Escalation in Active Directory Domain Services: CVE-2025-21293 Exploit Revealed with PoC Code - 15h
• SOC Prime Blog - CVE-2025-21293 Detection: PoC Exploit Released for a Privilege Escalation Vulnerability in Active Directory Domain Services - 15h
• securityonline.info - Privilege Escalation in Active Directory Domain Services: CVE-2025-21293 Exploit Revealed with PoC Code - 10h
• @jos1264 - PoC Exploit Released for Active Directory Domain Services Privilege Escalation Vulnerability - 10h

Classification:

• HashTags: ActiveDirectory PrivilegeEscalation CVE202521293
• Company: Microsoft
• Target: Active Directory environments
• Product: Active Directory Domain Services
• Feature: Active Directory
• Type: Vulnerability
• Severity: Critical