CVE-2025-21376: CVE-2025-21376: Remote Code Execution in Windows LDAP Implementation via Race Con…

1 / 2

CVE-2025-21376: CVE-2025-21376: Remote Code Execution in Windows LDAP Implementation via Race Condition Weakness Chain

DEV Community·CVE Reports·30 days ago

#Zv7wGNff

#security #cve #cybersecurity #software #windows #server

Reading 0:00

15s threshold

CVE-2025-21376: Remote Code Execution in Windows LDAP Implementation via Race Condition Weakness Chain Vulnerability ID: CVE-2025-21376 CVSS Score: 8.1 Published: 2025-02-11 CVE-2025-21376 is a high-severity unauthenticated remote code execution (RCE) vulnerability in the Microsoft Windows Lightweight Directory Access Protocol (LDAP) service. The vulnerability relies on a complex weakness chain consisting of a race condition (CWE-362), which triggers an integer underflow (CWE-191), ultimately resulting in a heap-based buffer overflow (CWE-122). TL;DR Unauthenticated RCE in Windows LDAP requiring a Machine-in-the-Middle (MITM) position. A race condition triggers an integer underflow, leading to a heap buffer overflow. Patched in February 2025 updates.…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free account Log in

Menu

CVE-2025-21376: CVE-2025-21376: Remote Code Execution in Windows LDAP Implementation via Race Condition Weakness Chain