CVE-2025-58726

7.5 HIGH

📋 TL;DR

An improper access control vulnerability in Windows SMB Server allows authenticated attackers to elevate privileges over the network. This affects Windows systems with SMB Server enabled, potentially allowing attackers to gain higher privileges than intended. Organizations using Windows SMB services are at risk.

💻 Affected Systems

Products:
  • Windows SMB Server
Versions: Specific Windows versions as per Microsoft advisory (check vendor URL for exact versions)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SMB Server role/service to be enabled and running. Client-only configurations may not be affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with SYSTEM-level privileges, enabling lateral movement across the network, data exfiltration, and ransomware deployment.

🟠 Likely Case

Privilege escalation from standard user to administrator, allowing installation of malware, credential theft, and persistence mechanisms.

🟢 If Mitigated

Limited impact with proper network segmentation, least privilege access, and monitoring in place, potentially only affecting isolated segments.

🌐 Internet-Facing: HIGH if SMB is exposed to the internet, as authenticated attackers could exploit remotely.
🏢 Internal Only: HIGH due to the prevalence of SMB in Windows environments and potential for lateral movement once initial access is gained.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access to SMB service. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update for specific KB number

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58726

Restart Required: Yes

Instructions:

1. Apply the latest Windows security updates from Microsoft.
2. Restart affected systems.
3. Verify patch installation via Windows Update history.

🔧 Temporary Workarounds

Disable SMB Server

Disable the SMB Server service if it is not required for business operations (PowerShell, elevated):

Set-Service -Name LanmanServer -StartupType Disabled
Stop-Service -Name LanmanServer

Restrict SMB Access

Use firewall rules to restrict SMB access to trusted hosts only. Note that the rule below, as written, blocks all inbound SMB (TCP 445) from any remote address, trusted hosts included; add -RemoteAddress to scope it to the address ranges that must be denied if some hosts still need SMB access (PowerShell, elevated):

New-NetFirewallRule -DisplayName "Block SMB Inbound" -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block
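The following is an added example, not part of the advisory or a Microsoft-provided script, showing the "trusted hosts only" variant of this workaround. Because Windows Firewall denies inbound traffic by default and a Block rule always wins over an Allow rule, the practical way to limit SMB to known hosts is to narrow the built-in "File and Printer Sharing (SMB-In)" allow rules with -RemoteAddress and then confirm that no other inbound rule still opens TCP 445. The $TrustedHosts values are constructed placeholders.

```powershell
# Added example: restrict inbound SMB (TCP 445) to trusted hosts by scoping the
# built-in allow rules, then audit for any other rule that still permits 445.
# Run in an elevated PowerShell on the SMB server.
# $TrustedHosts is a placeholder; replace with the subnets/hosts that need SMB.

$TrustedHosts = @('10.0.0.0/24', '10.0.1.15')   # constructed placeholder values

# Step 1: scope every inbound SMB allow rule (one per firewall profile) to the
# trusted addresses only. Narrowing the allow rules is what actually limits
# who can reach TCP 445, because inbound traffic is denied unless allowed.
$smbIn = Get-NetFirewallRule -DisplayName 'File and Printer Sharing (SMB-In)' -ErrorAction Stop
$smbIn | Set-NetFirewallRule -RemoteAddress $TrustedHosts -Enabled True

# Step 2: verify the effective remote-address scope on each SMB-In rule
$smbIn | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Profile       = $_.Profile
        Enabled       = $_.Enabled
        RemoteAddress = ($addr.RemoteAddress -join ', ')
    }
} | Format-Table -AutoSize

# Step 3: audit for any OTHER enabled inbound Allow rule that opens 445
# (custom rules added by applications or admins would bypass the scoping above)
$otherAllow = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq 445 } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Direction -eq 'Inbound' -and
        $_.Action    -eq 'Allow'   -and
        $_.Enabled   -eq 'True'    -and
        $_.DisplayName -ne 'File and Printer Sharing (SMB-In)'
    }

if ($otherAllow) {
    Write-Warning "Other inbound allow rules still open TCP 445; review them:"
    $otherAllow | Select-Object DisplayName, Profile, Action | Format-Table -AutoSize
} else {
    Write-Host "No additional inbound allow rules for TCP 445 found."
}

# Rollback (if needed): restore the unscoped built-in rules
# $smbIn | Set-NetFirewallRule -RemoteAddress Any
```

Apply this per firewall profile the server actually uses (Domain, Private, Public); the built-in rule exists once per profile, which is why the script pipes all matching rules rather than a single one.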

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SMB traffic
  • Enforce least privilege access controls and monitor for unusual SMB authentication patterns

🔍 How to Verify

Check if Vulnerable:

Compare the Windows version and installed updates against the Microsoft advisory.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Confirm that the security update's KB number is installed:

wmic qfe list | findstr KB

📡 Detection & Monitoring

Log Indicators:

  • Unusual SMB authentication events (Event ID 4624/4625)
  • Privilege escalation attempts in security logs
  • Unexpected service creation or process execution

Network Indicators:

  • Unusual SMB traffic patterns from non-standard hosts
  • Multiple authentication attempts over SMB
  • SMB connections followed by privilege-related activities

SIEM Query:

source="windows" AND (event_id=4624 OR event_id=4625) AND process_name="lsass.exe" AND logon_type=3 AND user!="SYSTEM" | stats count by src_ip, user
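For environments without a SIEM, the following added example (not from the advisory) applies the same logic as the query above directly on the SMB server: it reads Security log events 4624/4625 from the last $LookbackHours, keeps only network logons (logon type 3, which is how SMB authentication appears), excludes machine accounts and SYSTEM, and summarises successes and failures per source IP and user. One caveat the query above does not make explicit: logon type 3 covers every network logon (WinRM, RPC, etc.), not only SMB, so treat the output as a candidate list to correlate with port 445 traffic. $LookbackHours and $Threshold are constructed placeholder values.

```powershell
# Added example: summarise network (type 3) logons from the Security log to
# surface unusual SMB authentication patterns. Run elevated on the SMB server.
# $LookbackHours and $Threshold are constructed placeholders; tune for your site.

$LookbackHours = 24
$Threshold     = 20     # flag source/user pairs with more logons than this

$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4625
    StartTime = (Get-Date).AddHours(-$LookbackHours)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# Extract fields from the event XML rather than parsing the localized message
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    # Keep only network logons; SMB authentication is logon type 3
    if ($d['LogonType'] -ne '3') { continue }

    $result = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
    [pscustomobject]@{
        Time   = $e.TimeCreated
        Id     = $e.Id
        User   = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
        SrcIp  = $d['IpAddress']
        Result = $result
    }
}

# Drop machine accounts (trailing $) and SYSTEM, mirroring user!="SYSTEM" above,
# then count successes/failures per (source IP, user) pair
$summary = $rows |
    Where-Object { $_.User -notmatch '\$$' -and $_.User -notmatch '\\SYSTEM$' } |
    Group-Object SrcIp, User |
    ForEach-Object {
        [pscustomobject]@{
            SrcIp   = $_.Group[0].SrcIp
            User    = $_.Group[0].User
            Success = @($_.Group | Where-Object Result -eq 'Success').Count
            Failure = @($_.Group | Where-Object Result -eq 'Failure').Count
            Total   = $_.Count
        }
    } |
    Sort-Object Total -Descending

# Report pairs above the volume threshold or with any failures (possible
# password spraying or probing before an authenticated SMB abuse attempt)
$summary |
    Where-Object { $_.Total -gt $Threshold -or $_.Failure -gt 0 } |
    Format-Table -AutoSize
```

Correlate any flagged pair with the other indicators listed above (new services, unexpected process execution) from the same source host within the same window; a burst of type 3 logons on its own is common on file servers and is only a lead, not a verdict.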
