Tom Kahana

From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)

From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)

October 22, 2025

Tom Kahana Next-Gen Identity Security

In September 2025, a critical vulnerability (CVE-2025-54918) was discovered affecting domain controllers running LDAP or LDAPS services. This vulnerability allows attackers to elevate privileges from […]

    Created with Sketch.
    See CrowdStrike Falcon® in Action

    Detect, prevent, and respond to attacks— even malware-free intrusions—at any stage, with next-generation endpoint protection.

    See Demo