CVE-2025-21293 Alert: Active Directory Privilege Escalation Exploit Goes Public
Summary
A newly discovered Active Directory vulnerability, tracked as CVE-2025-21293, is causing alarm in the cybersecurity world because a proof-of-concept exploit is now publicly available.
This vulnerability allows an attacker to escalate privileges to SYSTEM level, which could give them significant control over enterprise networks.
Although exploiting this flaw requires many other elements of an attack to be in place, an attacker who is already inside a network could potentially gain access to domain controllers.
Microsoft has yet to release a patch for the flaw, which was first reported in July, although some alternative workarounds have been suggested by cybersecurity companies.
This comes hot on the heels of another serious vulnerability in Microsoft Outlook, CVE-2025-21298, discovered earlier in the month, for which a patch is also awaited.