CVE-2025-58726

Name of the Vulnerable Software and Affected Versions Windows versions (affected versions not specified)

Description An issue exists in the Windows SMB Server component related to improper access control. Exploitation of this issue can allow an attacker to elevate privileges over a network. This can be achieved through Kerberos reflection against unresolved Service Principal Names (Ghost SPNs). The vulnerability requires the presence of a Ghost SPN on the target system and the ability to register DNS records. Microsoft addressed this with a security update released in October 2025. The vulnerability allows for remote SYSTEM escalation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.