Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2025-27740
CVE-2025-27740:
vulnerability analysis and mitigation
Overview
CVE-2025-27740 is a vulnerability in Windows Active Directory Certificate Services that was disclosed on April 8, 2025. The vulnerability allows an authorized attacker to elevate privileges over a network through weak authentication mechanisms. Microsoft has assigned this vulnerability a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).
Technical details
The vulnerability is classified as CWE-1390 (Weak Authentication) and has been assigned a high severity rating with a CVSS base score of 8.8. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).
Impact
The vulnerability can result in privilege elevation over a network, potentially allowing attackers to gain elevated access to system resources. Given the high CVSS metrics for confidentiality, integrity, and availability, successful exploitation could lead to significant system compromise (NVD).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management