CVE-2025-32718 | THREATINT

Description

Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.

Reserved 2025-04-09 | Published 2025-06-10 | Updated 2025-06-11 | Assigner microsoft

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-190: Integer Overflow or Wraparound

CWE-122: Heap-based Buffer Overflow

Product status

10.0.17763.0 before 10.0.17763.7434

affected

10.0.17763.0 before 10.0.17763.7434

affected

10.0.17763.0 before 10.0.17763.7434

affected

10.0.20348.0 before 10.0.20348.3807

affected

10.0.19044.0 before 10.0.19044.5965

affected

10.0.22621.0 before 10.0.22621.5472

affected

10.0.19045.0 before 10.0.19045.5965

affected

10.0.26100.0 before 10.0.26100.4349

affected

10.0.22631.0 before 10.0.22631.5472

affected

10.0.22631.0 before 10.0.22631.5472

affected

10.0.25398.0 before 10.0.25398.1665

affected

10.0.26100.0 before 10.0.26100.4349

affected

10.0.26100.0 before 10.0.26100.4349

affected

10.0.10240.0 before 10.0.10240.21034

affected

10.0.14393.0 before 10.0.14393.8148

affected

10.0.14393.0 before 10.0.14393.8148

affected

10.0.14393.0 before 10.0.14393.8148

affected

6.2.9200.0 before 6.2.9200.25522

affected

6.2.9200.0 before 6.2.9200.25522

affected

6.3.9600.0 before 6.3.9600.22620

affected

6.3.9600.0 before 6.3.9600.22620

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32718 (Windows SMB Client Elevation of Privilege Vulnerability) vendor-advisory

cve.org (CVE-2025-32718)

nvd.nist.gov (CVE-2025-32718)

Download JSON