CVE-2025-60704
HIGHDescription
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
Is your site exposed to CVE-2025-60704?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| microsoft | windows_10_1607 |
| microsoft | windows_10_1607 |
| microsoft | windows_10_1809 |
| microsoft | windows_10_1809 |
| microsoft | windows_10_21h2 |
| microsoft | windows_10_22h2 |
| microsoft | windows_11_23h2 |
| microsoft | windows_11_24h2 |
| microsoft | windows_11_25h2 |
| microsoft | windows_server_2008 |
| microsoft | windows_server_2008 |
| microsoft | windows_server_2008 |
| microsoft | windows_server_2012 |
| microsoft | windows_server_2012 |
| microsoft | windows_server_2016 |
| microsoft | windows_server_2019 |
| microsoft | windows_server_2022 |
| microsoft | windows_server_2022_23h2 |
| microsoft | windows_server_2025 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-60704? +
How severe is CVE-2025-60704? +
What products are affected by CVE-2025-60704? +
How do I check if I'm vulnerable to CVE-2025-60704? +
Related Vulnerabilities
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp …
ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). In versions 2.0.0 through 2.1.0, refresh shares …
A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This …
sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to …
Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum …
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to …