CVE-2025-55234

Summary

SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks:

SMB Server signing SMB Server Extended Protection for Authentication (EPA)

Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:

Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 150710.0.10240.0 < 10.0.10240.21128affected
MicrosoftWindows 10 Version 160710.0.14393.0 < 10.0.14393.8422affected
MicrosoftWindows 10 Version 180910.0.17763.0 < 10.0.17763.7792affected
MicrosoftWindows 10 Version 21H210.0.19044.0 < 10.0.19044.6332affected
MicrosoftWindows 10 Version 22H210.0.19045.0 < 10.0.19045.6332affected
MicrosoftWindows 11 version 22H210.0.22621.0 < 10.0.22621.5909affected
MicrosoftWindows 11 version 22H310.0.22631.0 < 10.0.22631.5909affected
MicrosoftWindows 11 Version 23H210.0.22631.0 < 10.0.22631.5909affected
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.6584affected
MicrosoftWindows Server 2008 R2 Service Pack 16.1.7601.0 < 6.1.7601.27929affected
MicrosoftWindows Server 2008 R2 Service Pack 1 (Server Core installation)6.1.7601.0 < 6.1.7601.27929affected
MicrosoftWindows Server 2008 Service Pack 26.0.6003.0 < 6.0.6003.23529affected
MicrosoftWindows Server 2008 Service Pack 2 (Server Core installation)6.0.6003.0 < 6.0.6003.23529affected
MicrosoftWindows Server 20126.2.9200.0 < 6.2.9200.25675affected
MicrosoftWindows Server 2012 (Server Core installation)6.2.9200.0 < 6.2.9200.25675affected
MicrosoftWindows Server 2012 R26.3.9600.0 < 6.3.9600.22774affected
MicrosoftWindows Server 2012 R2 (Server Core installation)6.3.9600.0 < 6.3.9600.22774affected
MicrosoftWindows Server 201610.0.14393.0 < 10.0.14393.8422affected
MicrosoftWindows Server 2016 (Server Core installation)10.0.14393.0 < 10.0.14393.8422affected
MicrosoftWindows Server 201910.0.17763.0 < 10.0.17763.7792affected
MicrosoftWindows Server 2019 (Server Core installation)10.0.17763.0 < 10.0.17763.7792affected
MicrosoftWindows Server 202210.0.20348.0 < 10.0.20348.4171affected
MicrosoftWindows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 < 10.0.25398.1849affected
MicrosoftWindows Server 202510.0.26100.0 < 10.0.26100.6584affected
MicrosoftWindows Server 2025 (Server Core installation)10.0.26100.0 < 10.0.26100.6584affected

Weaknesses

  • CWE-287: CWE-287: Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References