CVE-2025-55234

CWE-287Improper Authentication4 documents4 sources
Severity
9.8CRITICAL
EPSS
0.3%
top 47.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
34
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+31 more
Timeline
PublishedSep 9

Description

SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their envir

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages33 packages

CVEListV5microsoft/windows_server_202510.0.26100.010.0.26100.6584
CVEListV5microsoft/windows_server_2025_(server_core_installation)10.0.26100.010.0.26100.6584
CVEListV5microsoft/windows_server_20126.2.9200.06.2.9200.25675
CVEListV5microsoft/windows_server_201610.0.14393.010.0.14393.8422
CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.7792

🔴Vulnerability Details

2
CVEList
Windows SMB Elevation of Privilege Vulnerability2025-09-09
GHSA
GHSA-9x8h-hfmc-8j5r: SMB Server might be susceptible to relay attacks depending on the configuration2025-09-09

📋Vendor Advisories

1
Microsoft
Windows SMB Elevation of Privilege Vulnerability2025-09-09
CVE-2025-55234 (CRITICAL CVSS 9.8) | SMB Server might be susceptible to | cvebase.io