Improper Access Control in Windows SMB Server by Microsoft
CVE-2025-58726

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 25h2; Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation)
Vendor: CVE Published:; 14 October 2025

Badges

📈 Trended📈 Score: 1,670👾 Exploit Exists📰 News Worthy

What is CVE-2025-58726?

CVE-2025-58726 is a critical vulnerability present in the Windows Server Message Block (SMB) protocol developed by Microsoft. This vulnerability is characterized by improper access control mechanisms that enable an authorized attacker to elevate their privileges across a network. The Windows SMB Server plays a vital role in file sharing, printer sharing, and inter-process communication, making it an essential component in many enterprise environments. This flaw could have severe implications for organizations, as it can lead to unauthorized access to sensitive data, manipulation of system configurations, and the potential for lateral movement within networking infrastructure.

Technical details indicate that the improper access control mechanism in the SMB protocol can be exploited by an attacker already possessing certain privileges, allowing them to gain elevated access rights that should be restricted. This unauthorized access can significantly compromise the integrity and confidentiality of data and systems, which is particularly concerning for organizations handling sensitive information.

Potential Impact of CVE-2025-58726

Unauthorized Data Access: The vulnerability allows attackers to potentially access sensitive files and data stored on systems that rely on the Windows SMB Server, posing a risk of data breaches and exposure of confidential information.
System Compromise: By leveraging privilege escalation, attackers can manipulate system settings or elevate their access, which can lead to further exploitation of the network and other connected systems, creating a more extensive attack surface.
Increased Risk from Ransomware: As this vulnerability has been exploited in the wild, there is a heightened risk of its use by threat actors, including ransomware groups. Exploiting this flaw could facilitate ransomware deployment and subsequent data encryption or theft, severely impacting organizational operations and leading to financial losses.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21161

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8519

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7919

News Articles

CyberSecurityNews

CVE-2025-58726

New Attack Combines Ghost SPNs and Kerberos Reflection to Elevate Privileges on SMB Servers

A sophisticated privilege escalation vulnerability in Windows SMB servers, leveraging Ghost Service Principal Names (SPNs) and Kerberos authentication reflection to achieve remote SYSTEM-level access.

3 weeks ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📈
Vulnerability started trending
Nov 5, 2025
👾
Exploit known to exist
Oct 30, 2025
📰
First article discovered by CyberSecurityNews
Oct 30, 2025
Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Sep 3, 2025

JSON