CVE-2025-21295

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jan 14, 2025
CWE ID 416

Summary

CVE-2025-21295 is a remotely exploitable vulnerability affecting the SPNEGO Extended Negotiation (NEGOEX) security mechanism. Attackers can manipulate NEGOEX to execute arbitrary code on affected systems, gaining unauthorized access and control. This issue poses a significant threat to organizations using the affected software, and urgent patches are recommended to mitigate the risk. The vulnerability arises due to insufficient input validation, allowing malicious input to trigger the code execution. The exact cause and potential exploit vectors are still under investigation.

Affected Products

  • Microsoft Windows 10
  • Microsoft Windows 11
  • Microsoft Windows Server 2008
  • Windows Server 2022

Affected Vendors

  • Microsoft