#VU109096 Improper Authentication in Microsoft Defender for Identity - CVE-2025-26685

Cybersecurity Help s.r.o.

Published: 2025-05-13

Vulnerability identifier: #VU109096

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-26685

CWE-ID: CWE-287

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Microsoft Defender for Identity
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when processing authentication requests in Microsoft Defender for Identity. A remote attacker on the local network can bypass authentication process and perform spoofing attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Microsoft Defender for Identity: All versions

External links
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26685

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper Authentication in Microsoft Defender for Identity