CVE-2025-59280

Опубликовано: 14 окт. 2025

Источник: msrc

CVSS3: 3.1

EPSS Низкий

Описание

Windows SMB Client Tampering Vulnerability

Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.

FAQ

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?

An unauthorized attacker must wait for a user to initiate a connection.

According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), some loss of integrity (I:L) but have no effect on availability (A:N). What is the impact of this vulnerability?

Data Tampering when connecting to a SMB2 Server which doesn't support SMB Multi-protocol negotiate.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a machine-in-the-middle (MITM) attack.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	5066874 5066877	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	5066874 5066877	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	5066874 5066877	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5066872 5066876	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5066872 5066876	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	5066874 5066877	Monthly Rollup Security Only
Windows Server 2012	5066875	Monthly Rollup
Windows Server 2012 (Server Core installation)	5066875	Monthly Rollup
Windows Server 2012 R2	5066873	Monthly Rollup
Windows Server 2012 R2 (Server Core installation)	5066873	Monthly Rollup

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

EPSS

Процентиль: 15%

0.00048

Низкий

3.1 Low

CVSS3

Связанные уязвимости

CVE-2025-59280

CVSS3: 3.1

nvd

2 месяца назад

Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.

GHSA-57v3-6r2p-wph5

CVSS3: 3.1

github

2 месяца назад

Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.

BDU:2025-13007

CVSS3: 3.1

fstec

2 месяца назад

Уязвимость SMB-клиента операционных систем Windows, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 15%

0.00048

Низкий

3.1 Low

CVSS3