CVE-2025-58726

HIGH

Windows SMB Server - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-58726. PoCs published by jonaslejon.

AI-analyzed exploit summary: This repository contains a fully automated penetration testing tool that chains multiple attack techniques to compromise Active Directory environments, including exploitation of CVE-2025-58726 (ghost-SPN Kerberos AP-REQ reflection). The tool integrates various phases for discovery, exploitation, and post-exploitation, with detailed usage instructions and technical descriptions.

Description

Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Exploits (1)

nomisec · WORKING POC · 1 star
by jonaslejon · poc
https://github.com/jonaslejon/ad-autopwn

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Complex
Reliability: Reliable
Target: Active Directory (various versions, including Windows Server 2025 pre-March-2026)
No auth needed
Prerequisites: Network access to Active Directory environment · Optional: Valid credentials for certain phases
devstral-2 · analyzed May 02, 2026

Scores

CVSS v3: 7.5
EPSS: 0.0008
EPSS Percentile: 24.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-284
Status: published
Products (18):
microsoft/windows_10_1507 < 10.0.10240.21161 (2 CPE variants)
microsoft/windows_10_1607 < 10.0.14393.8519 (2 CPE variants)
microsoft/windows_10_1809 < 10.0.17763.7919 (2 CPE variants)
microsoft/windows_10_21h2 < 10.0.19044.6456
microsoft/windows_10_22h2 < 10.0.19045.6456
microsoft/windows_11_22h2 < 10.0.22621.6060
microsoft/windows_11_23h2 < 10.0.22631.6060
microsoft/windows_11_24h2 < 10.0.26100.6899
microsoft/windows_11_25h2 < 10.0.26200.6899
microsoft/windows_server_2008 (2 CPE variants)
... and 8 more
Published: Oct 14, 2025
Tracked Since: Feb 18, 2026