
CVE-2025-26673: CWE-400: Uncontrolled Resource Consumption in Microsoft Windows 10 Version 1809

Severity: High
Type: Vulnerability
Published: Tue Apr 08 2025 (04/08/2025, 17:23:53 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

AI-Powered Analysis

Last updated: 07/11/2025, 04:01:58 UTC

Technical Analysis

CVE-2025-26673 is a high-severity vulnerability classified under CWE-400 (Uncontrolled Resource Consumption) affecting Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The vulnerability resides in the Lightweight Directory Access Protocol (LDAP) implementation within this Windows version. An unauthorized attacker can exploit this flaw remotely over the network without requiring any privileges or user interaction. By sending specially crafted LDAP requests, the attacker can trigger excessive resource consumption on the target system, leading to denial of service (DoS). This resource exhaustion could manifest as CPU, memory, or other system resource depletion, causing the LDAP service or the entire system to become unresponsive or crash. The CVSS v3.1 base score is 7.5, indicating a high severity level, with attack vector being network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is limited to availability (A:H) with no confidentiality or integrity impact. There are no known exploits in the wild yet, and no patches have been linked at the time of publication. The vulnerability was reserved in February 2025 and published in April 2025. Given the critical role of LDAP in enterprise environments for authentication and directory services, this vulnerability poses a significant risk to systems running the affected Windows 10 version, especially in environments where LDAP traffic is exposed or accessible over the network.

Potential Impact

For European organizations, this vulnerability could disrupt critical directory services that rely on LDAP, such as Active Directory authentication, user management, and access control. Organizations using Windows 10 Version 1809 in their infrastructure, particularly in legacy systems or environments where upgrades have been delayed, are at risk of service outages. The denial of service could impact business continuity, causing downtime for internal applications and services dependent on LDAP. This could affect sectors with high reliance on Windows-based infrastructure, including government, finance, healthcare, and manufacturing. Additionally, the lack of confidentiality or integrity impact means data breaches are unlikely, but availability disruption can still cause significant operational and financial damage. The ease of exploitation without authentication or user interaction increases the threat level, especially if LDAP services are exposed to untrusted networks or insufficiently segmented internal networks. The absence of known exploits currently provides a window for mitigation before active attacks emerge.

Mitigation Recommendations

European organizations should prioritize identifying and inventorying systems running Windows 10 Version 1809, especially those exposing LDAP services. Immediate mitigation steps include:

1) Restricting LDAP access via network segmentation and firewall rules to trusted hosts only, minimizing exposure to untrusted networks.
2) Monitoring LDAP traffic for anomalous patterns indicative of resource exhaustion attempts.
3) Applying any available security updates or patches from Microsoft as soon as they are released.
4) If patching is not immediately possible, consider disabling or restricting LDAP services temporarily or implementing rate limiting on LDAP requests to prevent resource exhaustion.
5) Employing intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect exploitation attempts.
6) Planning for upgrade or migration from Windows 10 Version 1809 to supported, patched versions to reduce exposure to this and other vulnerabilities.
7) Conducting regular backups and ensuring incident response plans include scenarios for LDAP service disruption.


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2025-02-12T22:35:41.549Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f91484d88663aebb59

Added to database: 5/20/2025, 6:59:05 PM

Last enriched: 7/11/2025, 4:01:58 AM

Last updated: 8/21/2025, 7:56:52 PM
