EUVD-2025-17787

| CVE-2025-32718 HIGH
2025-06-10 [email protected]
7.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17787
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 17:21 nvd
HIGH 7.8

Tags

Microsoft Windows Privilege Escalation Integer Overflow Windows Server 2012 Windows Server 2019 Windows 10 21h2 Windows 10 1809 Windows Server 2022 Windows 11 22h2 Windows Server 2016 Windows 11 23h2 Windows 10 22h2 Windows 10 1507 Windows Server 2022 23h2 Windows 10 1607 Windows 11 24h2 Windows Server 2025

Description

Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.

Analysis

CVE-2025-32718 is an integer overflow vulnerability in Windows SMB that allows a locally authenticated attacker to achieve privilege escalation with high impact to confidentiality, integrity, and availability. The vulnerability affects Windows operating systems' SMB implementation and has a CVSS score of 7.8 (High) with low attack complexity, making it a significant local privilege escalation risk for multi-user systems and domain environments.

Technical Context

This vulnerability exists in the Windows Server Message Block (SMB) protocol implementation, specifically involving an integer overflow or wraparound condition classified under CWE-122 (Heap-based Buffer Overflow). Integer overflows in SMB can occur during buffer size calculations, packet parsing, or memory allocation operations. When an attacker-controlled value is used in arithmetic operations without proper bounds checking, it can wrap around to a small positive value, bypassing size validations and leading to heap buffer overflows. The SMB protocol (TCP ports 445/139) is fundamental to Windows file sharing, network authentication, and inter-process communication, making any flaw here broadly impactful across Windows infrastructure.

Affected Products

Windows SMB implementation across multiple Windows operating system versions, likely including Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022. Specific CPE identifiers would be: cpe:2.3:o:microsoft:windows_*:*:* across affected versions. The vulnerability requires local authenticated access (PR:L), so it impacts: (1) Multi-user workstations and shared systems; (2) Domain-joined machines where standard users exist; (3) Systems with local user accounts. Organizations running Windows in any deployment model should be considered potentially affected pending Microsoft's specific version advisory.

Remediation

Apply the official Microsoft security patch when released for affected Windows versions. Interim mitigations include: (1) Restrict local user access and enforce principle of least privilege—disable unnecessary local accounts and remove standard users from sensitive systems; (2) Implement application whitelisting and AppLocker policies to restrict execution of potential exploit payloads; (3) Enable Windows Defender Exploit Guard features (Control Flow Guard, Address Space Layout Randomization); (4) Monitor SMB traffic and disable SMB v1 if not required; (5) Apply network segmentation to isolate high-value systems; (6) Enforce multi-factor authentication for domain accounts to limit lateral movement post-exploitation. Patch availability and version numbers will be provided in Microsoft Security Advisories—monitor Microsoft Security Response Center (MSRC) for official bulletin.

Priority Score

39
Low Medium High Critical
KEV: 0
EPSS: +0.4
CVSS: +39
POC: 0

Share

EUVD-2025-17787 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy