Platform
windows
Component
windows-smb-client
Fixed in
10.0.10240.21161
10.0.14393.8519
10.0.17763.7919
10.0.19044.6456
10.0.19045.6456
10.0.22621.6060
10.0.22631.6060
10.0.26100.6899
6.1.7601.27974
CVE-2025-59280 describes an improper authentication issue within the Windows SMB Client. This flaw allows an unauthorized attacker to potentially tamper with data transmitted over a network connection. The vulnerability impacts Windows versions up to and including 10.0.26100.6899, and a patch is available in version 10.0.26100.6899.
The primary impact of CVE-2025-59280 is the potential for unauthorized data modification. An attacker exploiting this vulnerability could inject malicious data into network shares accessed via SMB, leading to data corruption or compromise. While the CVSS score is LOW, the potential for tampering, especially in environments with sensitive data or critical infrastructure, warrants attention. The scope of impact is limited to network shares accessible via SMB, and successful exploitation requires network access and the ability to craft malicious SMB packets. The vulnerability's nature suggests a potential for targeted attacks rather than widespread, automated exploitation.
CVE-2025-59280 was published on 2025-10-14. The LOW CVSS score suggests a relatively low probability of exploitation. No public proof-of-concept (PoC) code is currently known. It is not listed on the CISA KEV catalog at the time of writing. Given the nature of the vulnerability (SMB protocol manipulation), it's possible that internal threat actors or advanced persistent threats (APTs) could develop exploits.
Exploit Status
EPSS
0.03% (9% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-59280 is upgrading to Windows version 10.0.26100.6899 or later, which includes the fix. If immediate patching is not feasible, consider implementing network segmentation to restrict access to SMB shares. Review firewall rules to limit SMB traffic to only necessary sources. While a WAF is unlikely to directly address this vulnerability, ensuring proper network access controls is crucial. There are no specific detection signatures readily available, but monitoring network traffic for unusual SMB activity could provide early warning signs.
Update your Windows operating system to the latest available version through Windows Update. This will install the necessary security fixes to mitigate the vulnerability in the SMB client.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-59280 is a LOW severity vulnerability in the Windows SMB Client that allows an attacker to tamper with data over a network due to improper authentication.
You are affected if you are running Windows versions ≤10.0.26100.6899. Check your system version and apply the update if necessary.
Upgrade to Windows version 10.0.26100.6899 or later to resolve this vulnerability. Consider network segmentation as a temporary workaround.
Currently, there are no confirmed reports of active exploitation, but the potential for exploitation exists.
Refer to the Microsoft Security Update Guide for the latest information and advisory details regarding CVE-2025-59280.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.