Cyber Web Spider Blog – News

Microsoft Exchange Server Vulnerabilities Let Attackers Spoof and Tamper Over Network

Posted on August 14, 2025 By CWS

Important security vulnerabilities in Microsoft Exchange Server allow attackers to carry out spoofing and tampering attacks over network connections.

The vulnerabilities include two Exchange Server flaws (CVE-2025-25007 and CVE-2025-25005) enabling spoofing and tampering attacks, plus a Windows Graphics Component elevation of privilege vulnerability (CVE-2025-49743) that could facilitate privilege escalation attacks.

Key Takeaways
1. CVE-2025-25007/25005 enable network spoofing and tampering attacks.
2. CVE-2025-49743 permits SYSTEM access via race conditions.
3. Microsoft updates released August 12, 2025 – deploy urgently.

Spoofing and Tampering Vulnerabilities

CVE-2025-25007 is a spoofing vulnerability in Microsoft Exchange Server caused by improper validation of the syntactic correctness of input, classified under CWE-1286.

This network-based vulnerability requires no privileges or user interaction, earning a CVSS score of 5.3 with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C.

Successful exploitation allows attackers to spoof incorrect 5322.From email addresses displayed to users, compromising email authenticity.

The second Exchange vulnerability, CVE-2025-25005, enables tampering attacks through improper input validation (CWE-20).

With a higher CVSS score of 6.5 and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C, this vulnerability requires low-level privileges but delivers high confidentiality impact.

Both Exchange vulnerabilities affect multiple versions, including Exchange Server 2016 CU23, Exchange Server 2019 CU14/CU15, and Exchange Server Subscription Edition RTM.

Windows Graphics Component Privilege Escalation

CVE-2025-49743 affects the Windows Graphics Component and represents a more complex attack vector involving concurrent execution using shared resources with improper synchronization.

This vulnerability combines two critical weaknesses: CWE-362 (Race Condition) and CWE-416 (Use After Free), creating a dangerous privilege escalation opportunity with a CVSS score of 6.7 and a vector string of CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C.

The vulnerability requires winning a race condition, making the attack complexity “High” but potentially granting SYSTEM privileges upon successful exploitation.

Microsoft’s exploitability assessment rates this as “Exploitation More Likely” compared to the Exchange vulnerabilities, indicating higher risk despite the complex exploitation requirements.

| CVE | Title | CVSS 3.1 Score | Severity |
|---|---|---|---|
| CVE-2025-25007 | Microsoft Exchange Server Spoofing Vulnerability | 5.3 | Important |
| CVE-2025-25005 | Microsoft Exchange Server Tampering Vulnerability | 6.5 | Important |
| CVE-2025-49743 | Windows Graphics Component Elevation of Privilege Vulnerability | 6.7 | Important |

Mitigations

Microsoft released coordinated security updates addressing all three vulnerabilities across affected platforms.

Server updates include KB5063221, KB5063222, KB5063223, and KB5063224, while Windows systems receive updates ranging from legacy Windows Server 2008 to the latest Windows 11 Version 24H2 and Windows Server 2025.

The Windows Graphics vulnerability affects an extensive range of systems, including Windows 10 versions 1607-22H2, Windows 11 versions 22H2-24H2, and Windows Server versions 2008-2025.

Organizations should prioritize rapid patch deployment given the combination of network-based Exchange attacks and local privilege escalation capabilities that could enable sophisticated multi-stage attacks against enterprise infrastructure.
