SMB Server Vulnerability Impacts Microsoft Products
CVE-2025-55234
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 9 September 2025
Badges
What is CVE-2025-55234?
CVE-2025-55234 is a security vulnerability identified in Microsoft’s Server Message Block (SMB) Server, a network file sharing protocol widely used for resource sharing across computers in a network. This vulnerability may allow attackers to conduct relay attacks depending on how the SMB Server is configured, leading to elevation of privilege attacks on users. An attacker exploiting this vulnerability can manipulate authenticated sessions to gain unauthorized access to resources and potentially execute malicious actions within the environment. This poses a considerable risk to organizations, as it undermines the integrity and confidentiality of their networks and sensitive data.
To mitigate this vulnerability, Microsoft has implemented features such as SMB Server signing and Extended Protection for Authentication (EPA). These are designed to bolster security against relay attacks, but their effectiveness is contingent upon proper configuration and prior implementation. Microsoft is advising customers to assess their systems using newly provided auditing capabilities to identify any vulnerabilities before deploying further protective measures.
Potential impact of CVE-2025-55234
-
Elevation of Privilege Attacks: Successful exploitation of this vulnerability could permit attackers to elevate their access privileges within the network, allowing them to perform unauthorized actions and access sensitive information or resources.
-
Increased Risk of Data Breaches: Given the potential for unauthorized access, this vulnerability heightens the likelihood of data breaches, where sensitive organizational data could be exfiltrated or manipulated by malicious actors.
-
Network Integrity Compromise: The ability for attackers to perform relay attacks can destabilize network integrity, leading to a cascade of security issues, increased vulnerability to subsequent attacks, and overall diminished trust in the security framework of the organization.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21128
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8422
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7792
News Articles

Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs
Microsoft patched 80 flaws in Sept 2025, including CVE-2025-55234 SMB bug and CVSS 10 Azure risk.
4 weeks ago
References
CVSS V3.1
Timeline
- 📈
Vulnerability started trending
- 👾
Exploit known to exist
- 📰
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved