// #cve-2026-25177

1 article

Active Directory Privilege Escalation CVE-2026-25177 Added to CISA KEV — Domain Admin Risk via SPN Abuse

CVE-2026-25177, a privilege escalation vulnerability in Active Directory Domain Services patched in March's Patch Tuesday, has been added to CISA's Known Exploited Vulnerabilities catalogue. An authenticated attacker with low-privileged domain credentials can exploit improper SPN and UPN name validation to escalate to domain administrator level. The KEV addition confirms in-the-wild exploitation approximately three weeks after patching was available.

Apr 1, 2026 #active-directory +6