CVE-2025-49716: Windows Netlogon Denial of Service Vulnerability

Overview

Severity

High (CVSS 7.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Category

Denial of Service

Exploit Status

Not Exploited

Exploitation Likelihood

Unlikely

Patch Tuesday

2025-Jul

Released

2025-07-08

Last Updated

2025-08-18

EPSS Score

22.87% (percentile: 95.9%)

Description

Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. What actions do I need to take to be protected from this vulnerability? To mitigate this vulnerability, a code change was made in the July 2025 Windows Security Updates for all other Server platforms from Windows Server 2008 SP2 to Windows Server 2022, inclusive. After this change, some file and print service software can be affected, including Samba. Samba has released an update to accommodate this change. See Samba 4.22.3 - Release Notes for more information. To accommodate scenarios where affected third party software cannot be updated, we released additional configuration capability in the August 2025 Windows Security Update. For more information about the releases and the new modes visit: https://support.microsoft.com/en-us/topic/kb5066014-netlogon-rpc-hardening-cve-2025-49716-38a0bc06-507c-47d4-be0f-ca1acab02c68

Affected Products (17)

Windows

• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows Server 2022, 23H2 Edition (Server Core installation)
• Windows Server 2016
• Windows Server 2016 (Server Core installation)

ESU

• Windows Server 2008 for 32-bit Systems Service Pack 2
• Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
• Windows Server 2008 for x64-based Systems Service Pack 2
• Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
• Windows Server 2008 R2 for x64-based Systems Service Pack 1
• Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
• Windows Server 2012
• Windows Server 2012 (Server Core installation)
• Windows Server 2012 R2
• Windows Server 2012 R2 (Server Core installation)

Security Updates (10)

• 5062557
• 5062572
• 5062570
• 5062560
• 5062624
• 5062618
• 5062632
• 5062619
• 5062592
• 5062597

Acknowledgments

Or Yair <a href="https://www.linkedin.com/in/or-yair">Or Yair</a> with <a href="https://www.safebreach.com/">SafeBreach</a>, Shahak Morag <a href="https://www.linkedin.com/in/shahak-morag-6bb51b142/">Shahak Morag</a> with <a href="https://www.safebreach.com/">SafeBreach</a>

Revision History

• 2025-07-08: Information published.
• 2025-08-18: Updated first FAQ to state that CVE-2020-0674 has now been issued to address this vulnerability. This is an informational change only.