CVE-2025-48802: Improper Certificate Validation in Microsoft Windows 11 Version 22h2

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.3% (top 43.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 8

Description

Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (7 packages)

NVD | microsoft/windows | < 10.0.20348.3932 | +1
NVD | microsoft/windows_11_22h2 | < 10.0.22621.5624
NVD | microsoft/windows_11_23h2 | < 10.0.22631.5624
CVEListV5 | microsoft/windows_server_2022 | 10.0.20348.0 | 10.0.20348.3932
CVEListV5 | microsoft/windows_11_version_22h2 | 10.0.22621.0 | 10.0.22621.5624

🔴 Vulnerability Details (2)

CVEList: Windows SMB Server Spoofing Vulnerability (2025-07-08)
GHSA: GHSA-32c4-pxr5-p8gv: Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network (2025-07-08)

📋 Vendor Advisories (1)

Microsoft: Windows SMB Server Spoofing Vulnerability (2025-07-08)
CVE-2025-48802 — Improper Certificate Validation | cvebase