AI description
CVE-2025-58726 is a privilege escalation vulnerability affecting Windows SMB servers. It stems from improper access control in the Windows SMB Server, allowing an attacker to elevate privileges over a network. The vulnerability can be exploited by combining misconfigured Service Principal Names (SPNs) with Kerberos reflection attacks to gain SYSTEM-level access on domain-joined machines. The attack involves capturing authentication requests from victim machines and reflecting them back to the same service. This tricks domain-joined machines into authenticating to attacker-controlled endpoints. By creating a DNS entry for a Ghost SPN pointing to their controlled IP address, attackers redirect authentication attempts, ultimately gaining remote code execution with SYSTEM privileges. Microsoft released patches for this vulnerability in October 2025.
- Description
- Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-284
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
⚠️CVE-2025-58726 (Windows SMB) — Privilege Escalation Alert⚠️ CVE-2025-58726 is a vulnerability in the Windows SMB server caused by improper access controls, allowing an authenticated attacker to gain elevated privileges on the network. (CVSS: 7.5) Mitigation:Apply patc
@CriminalIP_US
7 Nov 2025
389 Impressions
2 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
⚠️ CVE-2025-58726 (Windows SMB) — 권한 상승 경고 CVE-2025-58726은 Windows SMB 서버의 부적절한 접근 제어로 인해 권한 있는 공격자가 네트워크 내에서 높은 권한을 획득할 수 있는 취약점입니다(CVSS 7.5). 즉시 패치 적용, SM
@CriminalIP_KR
7 Nov 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️CVE-2025-58726(Windows SMB) — 権限昇格の脆弱性警報 不適切なアクセス制御により、権限を持つ攻撃者がネットワーク内で高い権限を取得する恐れがあります。直ちにパッチ適用・SMBの外部アクセス遮断・
@CriminalIP_JP
6 Nov 2025
109 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
WindowsのSMBサーバ権限 昇格脆弱性 CVE-2025-58726とGhost SPN/Kerberosリフレクションで権限奪取が出来る https://t.co/Fn99VM9loI #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
@securityLab_jp
5 Nov 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-58726: An improper access control flaw in Windows SMB Server could allow an authorized attacker to gain elevated privileges over a network. Search by vul.cve Filter👉vul.cve="CVE-2025-58726" ZoomEye Dork👉os="windows" Over 203.9m results. ZoomEye Link: https
@zoomeye_team
4 Nov 2025
9889 Impressions
32 Retweets
122 Likes
47 Bookmarks
1 Reply
0 Quotes
Windowsの新たな脆弱性「CVE-2025-58726」が公開された。攻撃者は低権限アカウントからKerberos認証の反射を悪用し、SYSTEM権限を遠隔で取得できる。この問題はSMB署名を強制していない全Windowsに影響し、Microsoftは2025
@yousukezan
4 Nov 2025
935 Impressions
0 Retweets
10 Likes
4 Bookmarks
0 Replies
0 Quotes
【Active Directory権限昇格】MicrosoftがWindows環境で深刻な権限昇格脆弱性(CVE-2025-58726、CVSS 8.8)に対処した。「Ghost SPN」と呼ばれるDNS解決できないサービス主体名とKerberosリフレクション攻撃を組み合わせること
@nakajimeeee
30 Oct 2025
8916 Impressions
30 Retweets
111 Likes
79 Bookmarks
0 Replies
1 Quote
ドメイン参加環境のWindowsでSYSTEM権限を奪取される恐れがある脆弱性が発見され、Microsoftが修正を公開した。Kerberos認証を悪用する反射攻撃により、攻撃者は低権限からでも完全な管理権限を得られる可能性が
@yousukezan
30 Oct 2025
8965 Impressions
33 Retweets
126 Likes
80 Bookmarks
0 Replies
1 Quote
Blog post about my recent CVE-2025-58726, aka “The Ghost Reflection” is out, read it here: https://t.co/KnuLXeNLUc 🙃
@decoder_it
29 Oct 2025
9215 Impressions
62 Retweets
121 Likes
60 Bookmarks
2 Replies
0 Quotes
**CVE-2025-58726** is a security flaw identified in the Windows SMB (Server Message Block) Server component. It involves improper access control mechanisms, which can be exploited by an attacker to escalate privileges over a network. The vulnerability is classified as **HIGH
@CveTodo
14 Oct 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899"
}
],
"operator": "OR"
}
]
}
]