NTLM Flaw Lets Hackers Jump From User to System Access

A newly uncovered NTLM flaw lets hackers escalate privileges on systems running LDAP or LDAPS services, according to a report published Oct. 26, 2025. Tracked as CVE-2025-54918, the vulnerability impacts domain controllers and allows attackers to move from a standard domain user role to full SYSTEM-level access.

The security flaw emerged in September 2025 and raises significant concerns for enterprises relying on Windows-based network authentication. By exploiting the NTLM flaw, hackers can bypass LDAP authentication controls, gaining unauthorized access to sensitive systems and data. The vulnerability joins a growing list of critical flaws reported this year, including CVE-2025-61882 and CVE-2025-48384.

CrowdStrike researchers warn that organizations using LDAP should review configurations and apply available mitigations promptly. The discovery underscores the need for continuous monitoring, strong authentication policies, and timely patch management to reduce exposure.

To explore the technical analysis and mitigation guidance, read the full report at
https://www.crowdstrike.com/en-us/blog/analyzing-ntlm-ldap-authentication-bypass-vulnerability/
