CVE-2025-65176
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-15

Last updated on: 2025-12-16

Assigner: MITRE

Description
An issue was discovered in Dynatrace OneAgent before 1.325.47. When attempting to access a remote network share from a machine where OneAgent is installed and receiving a "STATUS_LOGON_FAILURE" error, the agent will retrieve every user token on the machine and repeatedly attempt to access the network share while impersonating them. The exploitation of this vulnerability can allow an unprivileged attacker with access to the affected system to perform NTLM relay attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-15
Last Modified
2025-12-16
Generated
2026-06-16
AI Q&A
2025-12-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-65176
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dynatrace oneagent 1.325.47
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, you should update Dynatrace OneAgent to version 1.325 or later, as this version includes a fix addressing the security issue related to NTLM hash exposure during network share detection. [1]

Executive Summary

This vulnerability exists in Dynatrace OneAgent versions before 1.325.47. When the agent attempts to access a remote network share and encounters a STATUS_LOGON_FAILURE error, it retrieves every user token on the machine and repeatedly tries to access the network share while impersonating those users. This behavior can be exploited by an unprivileged attacker with access to the affected system to perform NTLM relay attacks. [1]

Impact Analysis

The vulnerability can allow an unprivileged attacker who has access to the affected system to perform NTLM relay attacks. This means the attacker could potentially impersonate other users on the machine to gain unauthorized access to network resources, leading to possible data breaches or unauthorized actions within the network. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65176. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart