CVE-2025-47981

Опубликовано: 08 июл. 2025

Источник: msrc

CVSS3: 9.8

EPSS Низкий

Описание

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

Меры по смягчению последствий

The following mitigating factors might be helpful in your situation:

This vulnerability affects Windows client machines running Windows 10, version 1607 and above, due to the following GPO being enabled by default on these operating systems: "Network security: Allow PKU2U authentication requests to this computer to use online identities".

FAQ

How could an attacker exploit the vulnerability?

An attacker could exploit this vulnerability by sending a malicious message to the server, potentially leading to remote code execution.

What is SPNEGO Extended Negotiation?

The SPNEGO Extended Negotiation Security Mechanism (NEGOEX) extends Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) described in [RFC4178]. Please see SPNEGO Overview for more information.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5062632 5062619	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5062632 5062619	Monthly Rollup Security Only
Windows Server 2012	5062592	Monthly Rollup
Windows Server 2012 (Server Core installation)	5062592	Monthly Rollup
Windows Server 2012 R2	5062597	Monthly Rollup
Windows Server 2012 R2 (Server Core installation)	5062597	Monthly Rollup
Windows 10 for 32-bit Systems	5062561	Security Update
Windows 10 for x64-based Systems	5062561	Security Update
Windows Server 2016	5062560	Security Update
Windows 10 Version 1607 for 32-bit Systems	5062560	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation More Likely

DOS

N/A

EPSS

Процентиль: 39%

0.00167

Низкий

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2025-47981

CVSS3: 9.8

nvd

9 дней назад

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

GHSA-75vh-4rgj-m3j3

CVSS3: 9.8

github

9 дней назад

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

BDU:2025-08224

CVSS3: 9.8

fstec

10 дней назад

Уязвимость механизма безопасности расширенного согласования SPNEGO (NEGOEX) операционных систем Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 39%

0.00167

Низкий

9.8 Critical

CVSS3