Platform
windows
Component
windows-smb-client
Fixed in
10.0.10240.21161
10.0.14393.8519
10.0.17763.7919
10.0.19044.6456
10.0.19045.6456
10.0.22621.6060
10.0.22631.6060
10.0.26100.6899
6.1.7601.27974
CVE-2025-59280 describes an improper authentication issue within the Windows SMB Client. This flaw allows an unauthorized attacker to potentially tamper with data transmitted over a network connection. The vulnerability impacts Windows versions up to and including 10.0.26100.6899, and a patch is available in version 10.0.26100.6899.
The primary impact of CVE-2025-59280 is the potential for unauthorized data modification. An attacker exploiting this vulnerability could inject malicious data into network shares accessed via SMB, leading to data corruption or compromise. While the CVSS score is LOW, the potential for tampering, especially in environments with sensitive data or critical infrastructure, warrants attention. The scope of impact is limited to network shares accessible via SMB, and successful exploitation requires network access and the ability to craft malicious SMB packets. The vulnerability's nature suggests a potential for targeted attacks rather than widespread, automated exploitation.
CVE-2025-59280 was published on 2025-10-14. The LOW CVSS score suggests a relatively low probability of exploitation. No public proof-of-concept (PoC) code is currently known. It is not listed on the CISA KEV catalog at the time of writing. Given the nature of the vulnerability (SMB protocol manipulation), it's possible that internal threat actors or advanced persistent threats (APTs) could develop exploits.
Organizations heavily reliant on Windows file sharing and SMB protocols are at risk. Environments with legacy Windows systems or those lacking robust network segmentation are particularly vulnerable. Shared hosting environments where multiple users access the same SMB shares could also experience broader impact if one user's account is compromised.
• windows / supply-chain:
Get-CimInstance Win32_Process -Filter "Name LIKE 'smbclient%'" | Select-Object ProcessId, CommandLine
• windows / supply-chain:
Get-WinEvent -FilterXml "<QueryList><Query><Select Path='System'>*[System[Provider[@Name='Microsoft-Windows-SMBClient']]]</Select></Query></QueryList>" | Where-Object {$_.Message -match "authentication failure"}
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.TaskName -like '*smb*'} | Select-Object TaskName, State
Exploit Status
EPSS
0.03% (percentile 9%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-59280 is upgrading to Windows version 10.0.26100.6899 or later, which includes the fix. If immediate patching is not feasible, consider implementing network segmentation to restrict access to SMB shares. Review firewall rules to limit SMB traffic to only necessary sources. While a WAF is unlikely to directly address this vulnerability, ensuring proper network access controls is crucial. There are no specific detection signatures readily available, but monitoring network traffic for unusual SMB activity could provide early warning signs.
Update your Windows operating system to the latest available version through Windows Update. This will install the security fixes needed to mitigate the vulnerability in the SMB client.
CVE-2025-59280 is a LOW severity vulnerability in the Windows SMB Client that allows an attacker to tamper with data over a network due to improper authentication.
You are affected if you are running Windows versions ≤10.0.26100.6899. Check your system version and apply the update if necessary.
Upgrade to Windows version 10.0.26100.6899 or later to resolve this vulnerability. Consider network segmentation as a temporary workaround.
Currently, there are no confirmed reports of active exploitation, but the potential for exploitation exists.
Refer to the Microsoft Security Update Guide for the latest information and advisory details regarding CVE-2025-59280.
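One way to check a system version against the "Fixed in" list above, per servicing branch, is sketched below. This is an added example, not code from the original page or from Microsoft; the function names are hypothetical, the sample builds are constructed, and reading the fourth version field from the UBR registry value is an assumption.

```powershell
# Added example. The "Fixed in" builds are copied from this page.
$FixedIn = '10.0.10240.21161', '10.0.14393.8519', '10.0.17763.7919',
           '10.0.19044.6456',  '10.0.19045.6456', '10.0.22621.6060',
           '10.0.22631.6060',  '10.0.26100.6899', '6.1.7601.27974' |
           ForEach-Object { [version]$_ }

function Test-Cve202559280Fixed {
    param([Parameter(Mandatory)][version]$Build)
    # Each servicing branch (major.minor.build) has its own fixed revision,
    # so compare revisions only within the matching branch.
    $fix = $FixedIn | Where-Object {
        $_.Major -eq $Build.Major -and
        $_.Minor -eq $Build.Minor -and
        $_.Build -eq $Build.Build
    }
    if (-not $fix) {
        # Branch is not in the page's list: report it instead of guessing.
        return [pscustomobject]@{ Build = $Build; FixedIn = $null; Status = 'Unknown branch' }
    }
    $status = if ($Build.Revision -ge $fix.Revision) { 'Fixed' } else { 'Needs update' }
    [pscustomobject]@{ Build = $Build; FixedIn = $fix; Status = $status }
}

function Get-LocalBuild {
    # Assumption: the UBR value under CurrentVersion holds the update revision.
    # A missing UBR is treated as revision 0.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $os = [System.Environment]::OSVersion.Version
    [version]::new($os.Major, $os.Minor, $os.Build, [int]$cv.UBR)
}

# Constructed sample builds: below the fix, at the fix, above the fix, unlisted branch.
'10.0.26100.6584', '10.0.19045.6456', '10.0.22631.6199', '10.0.99999.1' |
    ForEach-Object { Test-Cve202559280Fixed -Build $_ } |
    Format-Table -AutoSize

# Result for the machine the script runs on.
Test-Cve202559280Fixed -Build (Get-LocalBuild)
```

A build on a branch that is missing from the list is reported as "Unknown branch" rather than as fixed or vulnerable, because the page gives no fixed revision for it.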