Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise
A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD).
“The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement,” Akamai security researcher Yuval Gordon said in a report shared with The Hacker News.
“This issue likely affects most organizations that rely on AD. In 91% of the environments we examined, we found users outside the domain admins group that had the required permissions to perform this attack.”
What makes the attack pathway notable is that it leverages a new feature called Delegated Managed Service Accounts (dMSA), which allows migration from an existing legacy service account. It was introduced in Windows Server 2025 as a mitigation against Kerberoasting attacks.
Source: The Hacker News / Dark Reading / SecurityWeek / Help Net Security / Akamai blog
Link: https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html
Link: https://www.securityweek.com/akamai-microsoft-disagree-on-severity-of-unpatched-badsuccessor-flaw/
Critical Versa Concerto Flaws Let Attackers Escape Docker and Compromise Hosts
Cybersecurity researchers have uncovered multiple critical security vulnerabilities impacting the Versa Concerto network security and SD-WAN orchestration platform that could be exploited to take control of susceptible instances.
It’s worth noting that the identified shortcomings remain unpatched despite responsible disclosure on February 13, 2025, prompting a public release of the issues following the end of the 90-day deadline.
“These vulnerabilities, when chained together, could allow an attacker to fully compromise both the application and the underlying host system,” ProjectDiscovery researchers Harsh Jaiswal, Rahul Maini, and Parth Malhotra said in a report shared with The Hacker News.
The security defects are listed below –
- CVE-2025-34025 (CVSS score: 8.6) – A privilege escalation and Docker container escape vulnerability that’s caused by unsafe default mounting of host binary paths and could be exploited to gain code execution on the underlying host machine
- CVE-2025-34026 (CVSS score: 9.2) – An authentication bypass vulnerability in the Traefik reverse proxy configuration that allows an attacker to access administrative endpoints, which could then be exploited to access heap dumps and trace logs by exploiting an internal Spring Boot Actuator endpoint via CVE-2024-45410
- CVE-2025-34027 (CVSS score: 10.0) – An authentication bypass vulnerability in the Traefik reverse proxy configuration that allows an attacker to access administrative endpoints, which could then be exploited to achieve remote code execution by exploiting an endpoint related to package uploads (“/portalapi/v1/package/spack/upload”) via arbitrary file writes
Successful exploitation of CVE-2025-34027 could allow an attacker to leverage a race condition and write malicious files to disk, ultimately resulting in remote code execution using LD_PRELOAD and a reverse shell.
Source: The Hacker News / BleepingComputer / Infosecurity Magazine
Link: https://thehackernews.com/2025/05/unpatched-versa-concerto-flaws-let.html
Link: https://www.infosecurity-magazine.com/news/critical-zerodays-versa-networks/
The Crowded Battle: Key Insights from the 2025 State of Pentesting Report
In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use to cope with the thousands of security alerts, the persistent breaches, and the growing cyber risks they have to handle. The findings reveal a complex picture of progress, challenges, and a shifting mindset about how enterprises approach security testing.
Over the past year, 45% of enterprises expanded their security technology stacks, with organizations now managing an average of 75 different security solutions.
Yet despite these layers of security tools, 67% of U.S. enterprises experienced a breach in the past 24 months. The growing number of deployed tools has several effects on day-to-day operations and on the organization's overall cyber posture.
Although it seems obvious, the findings tell a clear story – more security tools do mean better security posture. However, there is no silver bullet. Among organizations with fewer than 50 security tools, 93% reported a breach. That percentage steadily declines as stack size increases, dropping to 61% among those using more than 100 tools.
Source: The Hacker News
Link: https://thehackernews.com/2025/05/the-crowded-battle-key-insights-from.html
Ivanti EPMM Exploitation Tied to Previous Zero-Day Attacks
A threat actor that exploited two Ivanti zero-day vulnerabilities earlier this month was behind previous zero-day attacks on other edge devices.
Ivanti last week disclosed that two vulnerabilities in its Endpoint Manager Mobile (EPMM) VPN product had been chained together for remote code execution (RCE) attacks. The flaws include CVE-2025-4427, a medium-severity authentication bypass vulnerability, and CVE-2025-4428, a high-severity RCE vulnerability in EPMM.
The Cybersecurity and Infrastructure Security Agency (CISA) added the two CVEs to its Known Exploited Vulnerabilities catalog on Monday. Researchers at Wiz on Tuesday published a blog post that warned of ongoing exploitation activity against the Ivanti vulnerabilities and detailed connections to attacks on other edge devices, most notably Palo Alto Networks’ firewalls.
The pattern of threat activity heightens risks to enterprises and further illustrates that edge devices continue to be a popular and lucrative target for a variety of threat actors.
Source: Dark Reading / SecurityWeek
Link: https://www.securityweek.com/wiz-warns-of-ongoing-exploitation-of-recent-ivanti-vulnerabilities/
Pen Testing for Compliance Only? It’s Time to Change Your Approach
Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before finally being detected.
This situation isn’t theoretical: it plays out repeatedly as organizations realize that point-in-time compliance testing can’t protect against vulnerabilities introduced after the assessment. According to Verizon’s 2025 Data Breach Investigations Report, the exploitation of vulnerabilities rose 34% year-over-year. While compliance frameworks provide important security guidelines, companies need continuous security validation to identify and remediate new vulnerabilities before attackers can exploit them.
Here’s what you need to know about pen testing to meet compliance standards — and why you should adopt continuous penetration testing if your penetration testing goals go beyond minimum standards.
Source: The Hacker News
Link: https://thehackernews.com/2025/05/pen-testing-for-compliance-only-its.html