CVE-2025-49735
published 2025-07-08CVE-2025-49735: Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.25522 | 6.2.9200.25522 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22620 | 6.3.9600.22620 |
| microsoft | windows_server_2016 | < 10.0.14393.8148 | 10.0.14393.8148 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.8148 | 10.0.14393.8148 |
| microsoft | windows_server_2019 | < 10.0.17763.7434 | 10.0.17763.7434 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7434 | 10.0.17763.7434 |
| microsoft | windows_server_2022 | < 10.0.20348.3807 | 10.0.20348.3807 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.3807 | 10.0.20348.3807 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1665 | 10.0.25398.1665 |
| microsoft | windows_server_2025 | < 10.0.26100.4349 | 10.0.26100.4349 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26200.4349 | 10.0.26200.4349 |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
| msrc | windows_server_2025 | — | — |
Microsoft
Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
vendor_msrc·2025-07-08·CVSS 8.1
CVE-2025-49735 [HIGH] CWE-416 Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
Description: Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
FAQ: Are all Windows Servers affected by this vulnerability?
This vulnerability only affects Windows Servers that are configured as a [MS-KKDCP]: Kerberos Key Distribution Center (KDC) Proxy Protocol server. Domain controllers are not affected.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: How could an attacker exploit this vulnerability?
An unauthenticated attacker could use a specially crafted application to leverage a cr
GHSA
GHSA-hq3j-8wc4-4985: Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network
ghsa_unreviewed·2025-07-08
CVE-2025-49735 [HIGH] CWE-416 GHSA-hq3j-8wc4-4985: Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
No detection rules found.
No public exploits indexed.
Qualys
Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review | Qualys
blogs_qualys·2025-07-08
Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for July 2025
- Adobe Patches for July 2025
- Zero-day Vulnerability Patched in July Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in July Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response withPatch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Audit
- Microsoft July 2025 Patch Tuesday Mitigations
- Qualys Monthly Webinar Series
With cybersecurity threats continuing to evolve, Microsoft’s July 2025 Patch Tuesday highlights the need for consistent patching — this month’s release includes key fixes for actively exploited vulnerabilities. Here’s a
Talos
Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities
blogs_talos·2025-07-08·CVSS 8.4
[HIGH] Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for July 2025, which includes 132 vulnerabilities affecting a range of products, including 14 that Microsoft marked as “critical.”
In this month's release, Microsoft observed none of the included vulnerabilities being actively exploited in the wild. Out of 14 "critical" entries, 11 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including KDC Proxy service, Microsoft Office and SharePoint server.
CVE-2025-49735 is an RCE vulnerability in Windows KDC Proxy Service (KPSSVC) given a CVSS 3.1 score of 8.1. To successfully exploit this vulnerability, an unauthenticated attacker could use a specially-crafted application to leverage a cryptographic protocol vulnerability in KPSSVC to perform RCE ag
Talos
Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities
blogs_talos·2025-07-08·CVSS 8.4
[HIGH] Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities
## Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for July 2025, which includes 132 vulnerabilities affecting a range of products, including 14 that Microsoft marked as “critical.”
In this month's release, Microsoft observed none of the included vulnerabilities being actively exploited in the wild. Out of 14 "critical" entries, 11 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including KDC Proxy service, Microsoft Office and SharePoint server.
CVE-2025-49735 is an RCE vulnerability in Windows KDC Proxy Service (KPSSVC) given a CVSS 3.1 score of 8.1. To successfully exploit this vulnerability, an unauthenticated attacker could use a specially-crafted appl
Tenable
Microsoft’s July 2025 Patch Tuesday Addresses 128 CVEs (CVE-2025-49719)
blogs_tenable·2025-07-08·CVSS 7.5
[HIGH] Microsoft’s July 2025 Patch Tuesday Addresses 128 CVEs (CVE-2025-49719)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Qualys
Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review
blogs_qualys·2025-07-08
Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for July 2025
Adobe Patches for July 2025
Zero-day Vulnerability Patched in July Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in July Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response withPatch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Audit
Microsoft July 2025 Patch Tuesday Mitigations
Qualys Monthly Webinar Series
With cybersecurity threats continuing to evolve, Microsoft’s July 2025 Patch Tuesday highlights the need for consistent patching — this month’s release includes key fixes for actively exploited vulnerabilities. Here’s a quick breakdo
Crowdstrike
July 2025 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2025 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2025-07-08
Published