CVE-2025-65176
BaseFortify
Publication date: 2025-12-15
Last updated on: 2025-12-16
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dynatrace | oneagent | 1.325.47 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update Dynatrace OneAgent to version 1.325 or later, as this version includes a fix addressing the security issue related to NTLM hash exposure during network share detection. [1]
Can you explain this vulnerability to me?
This vulnerability exists in Dynatrace OneAgent versions before 1.325.47. When the agent attempts to access a remote network share and encounters a STATUS_LOGON_FAILURE error, it retrieves every user token on the machine and repeatedly tries to access the network share while impersonating those users. This behavior can be exploited by an unprivileged attacker with access to the affected system to perform NTLM relay attacks. [1]
How can this vulnerability impact me? :
The vulnerability can allow an unprivileged attacker who has access to the affected system to perform NTLM relay attacks. This means the attacker could potentially impersonate other users on the machine to gain unauthorized access to network resources, leading to possible data breaches or unauthorized actions within the network. [1]