CVE-2025-49735: 
vulnerability analysis and mitigation

CVE-2025-49735 is a critical Remote Code Execution (RCE) vulnerability discovered in the Windows KDC Proxy Service (KPSSVC), which enables Kerberos authentication to work over HTTPS. The vulnerability was disclosed on July 8, 2025, affecting Windows servers configured as Kerberos Key Distribution Center (KDC) Proxy Protocol servers (NVD, Lansweeper).

The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The flaw is classified as a use-after-free vulnerability (CWE-416) that allows an unauthorized attacker to execute code over a network. The vulnerability specifically affects Windows Servers that have been configured as a [MS-KKDCP]: Kerberos Key Distribution Center (KDC) Proxy Protocol server, while domain controllers are not affected (NVD, Tenable).

If successfully exploited, this vulnerability allows an unauthenticated attacker to execute arbitrary code on affected systems. The vulnerability impacts confidentiality, integrity, and availability of the affected systems, as indicated by the CVSS scoring (NVD).

Microsoft has released security updates to address this vulnerability as part of the July 2025 Patch Tuesday updates. System administrators are urged to apply the latest security updates as soon as possible to secure affected systems (Lansweeper).