AI description
CVE-2025-58726 is a privilege escalation vulnerability affecting Windows SMB servers. It stems from improper access control in the Windows SMB Server, allowing an attacker to elevate privileges over a network. The vulnerability can be exploited by combining misconfigured Service Principal Names (SPNs) with Kerberos reflection attacks to gain SYSTEM-level access on domain-joined machines. The attack involves capturing authentication requests from victim machines and reflecting them back to the same service. This tricks domain-joined machines into authenticating to attacker-controlled endpoints. By creating a DNS entry for a Ghost SPN pointing to their controlled IP address, attackers redirect authentication attempts, ultimately gaining remote code execution with SYSTEM privileges. Microsoft released patches for this vulnerability in October 2025.
- Description
- Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
- Source
- secure@microsoft.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-284
- Hype score
- Not currently trending
🚨🚨CVE-2025-58726: An improper access control flaw in Windows SMB Server could allow an authorized attacker to gain elevated privileges over a network. Search by vul.cve Filter👉vul.cve="CVE-2025-58726" ZoomEye Dork👉os="windows" Over 203.9m results. ZoomEye Link: https
@zoomeye_team
4 Nov 2025
8829 Impressions
28 Retweets
103 Likes
38 Bookmarks
1 Reply
0 Quotes
Windowsの新たな脆弱性「CVE-2025-58726」が公開された。攻撃者は低権限アカウントからKerberos認証の反射を悪用し、SYSTEM権限を遠隔で取得できる。この問題はSMB署名を強制していない全Windowsに影響し、Microsoftは2025
@yousukezan
4 Nov 2025
916 Impressions
0 Retweets
10 Likes
4 Bookmarks
0 Replies
0 Quotes
【Active Directory権限昇格】MicrosoftがWindows環境で深刻な権限昇格脆弱性(CVE-2025-58726、CVSS 8.8)に対処した。「Ghost SPN」と呼ばれるDNS解決できないサービス主体名とKerberosリフレクション攻撃を組み合わせること
@nakajimeeee
30 Oct 2025
8916 Impressions
30 Retweets
111 Likes
79 Bookmarks
0 Replies
1 Quote
ドメイン参加環境のWindowsでSYSTEM権限を奪取される恐れがある脆弱性が発見され、Microsoftが修正を公開した。Kerberos認証を悪用する反射攻撃により、攻撃者は低権限からでも完全な管理権限を得られる可能性が
@yousukezan
30 Oct 2025
8965 Impressions
33 Retweets
126 Likes
80 Bookmarks
0 Replies
1 Quote
Blog post about my recent CVE-2025-58726, aka “The Ghost Reflection” is out, read it here: https://t.co/KnuLXeNLUc 🙃
@decoder_it
29 Oct 2025
9215 Impressions
62 Retweets
121 Likes
60 Bookmarks
2 Replies
0 Quotes
**CVE-2025-58726** is a security flaw identified in the Windows SMB (Server Message Block) Server component. It involves improper access control mechanisms, which can be exploited by an attacker to escalate privileges over a network. The vulnerability is classified as **HIGH
@CveTodo
14 Oct 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes