CVE-2022-26925
HIGH KEV RANSOMWAREWindows - Unauthenticated Remote Code Execution via LSA Spoofing
Title source: llmExploitation Summary
CVE-2022-26925 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 1, 2022, with confirmed use in ransomware campaigns.
Description
Windows LSA Spoofing Vulnerability
References (3)
Core 3
Core References
Patch, Vendor Advisory vendor-advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925
Patch, Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26925
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26925
Scores
CVSS v3
8.1
EPSS
0.3743
EPSS Percentile
97.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
partial
Details
CISA KEV
2022-07-01
VulnCheck KEV
2022-05-10
InTheWild.io
2022-05-10
ENISA EUVD
EUVD-2022-31470
Ransomware Use
Confirmed
CWE
CWE-306
Status
published
Products (19)
microsoft/windows_10_1507
< 10.0.10240.19297
microsoft/windows_10_1607
< 10.0.14393.5125
microsoft/windows_10_1809
< 10.0.17763.2928
microsoft/windows_10_1909
< 10.0.18363.2274
microsoft/windows_10_20h2
< 10.0.19042.1706
microsoft/windows_10_21h1
< 10.0.19043.1706
microsoft/windows_10_21h2
< 10.0.19044.1706
microsoft/windows_11_21h2
< 10.0.22000.675
microsoft/windows_7
microsoft/windows_8.1
... and 9 more
Published
May 10, 2022
KEV Added
Jul 01, 2022
Tracked Since
Feb 18, 2026