Vulnerability Lookup

🛡️ CVE-2025-55234

🟠 CVSS 8.8 — High ✅ No Known Exploit CWE-287 NVD

8.8

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks: Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures.

Details

Severity HIGH

CVSS Score 8.8

CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE CWE-287

Public Exploit ✅ No

Source NVD

Published 2025-09-09

Updated 2026-06-02

Modified 2025-10-17

Fix URL N/A

Affected Packages

Software	From version	Fixed in
windows-10-1507	—	10.0.10240.21128
windows-10-1607	—	10.0.14393.8422
windows-10-1809	—	10.0.17763.7792
windows-10-21h2	—	10.0.19044.6332
windows-10-22h2	—	10.0.19045.6332
windows-11-22h2	—	10.0.22621.5909
windows-11-23h2	—	10.0.22631.5909
windows-11-24h2	—	10.0.26100.6508
windows-server-2008	—	—
windows-server-2012	—	—
windows-server-2016	—	10.0.14393.8422
windows-server-2019	—	10.0.17763.7792
windows-server-2022	—	10.0.20348.4106
windows-server-2022-23h2	—	10.0.25398.1849
windows-server-2025	—	10.0.26100.6508

References

Vendor Advisory https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55234

https://www.vicarius.io/vsociety/posts/cve-2025-55234-detection-script-smb-server-vulnerability-affecting-microsoft-systems

https://www.vicarius.io/vsociety/posts/cve-2025-55234-mitigation-script-smb-server-vulnerability-affecting-microsoft-systems

🔗 NVD 🔗 Mitre

Similar Threats

Free Vulnerability Check

Is your WordPress site affected?

BotEraser helps you identify potentially vulnerable plugins and themes by checking your installation against known CVE records.

Scan My Site Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Is your WordPress site affected?

Company

Resources

Services

Trusted

Subscribe