CVE-2025-54101

MEDIUM EPSS 81.6%

Published Sep 9, 20259mo ago · Modified Jun 17, 20261w ago

4.8 CVSS 3.1

Medium

Published Sep 9, 2025 9mo ago

Last Modified Jun 17, 2026 1w ago

Description

Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.

Base Score

4.8

Exploitability

1.2

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

Attack Vector Network

Attack Complexity High

Privileges Required Low

User Interaction Required

Scope Unchanged

Confidentiality None

Integrity None

Availability High

EPSS Exploit Probability

81.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

CWE-416 Use After Free Memory Safety

Vendor	Product	Version	Range
microsoft	windows_10_1507	*	<10.0.10240.21128
microsoft	windows_10_1507	*	<10.0.10240.21128
microsoft	windows_10_1607	*	<10.0.14393.8422
microsoft	windows_10_1607	*	<10.0.14393.8422
microsoft	windows_10_1809	*	<10.0.17763.7792
microsoft	windows_10_1809	*	<10.0.17763.7792
microsoft	windows_10_21h2	*	<10.0.19044.6332
microsoft	windows_10_22h2	*	<10.0.19045.6332
microsoft	windows_11_22h2	*	<10.0.22621.5909
microsoft	windows_11_23h2	*	<10.0.22631.5909
microsoft	windows_server_2012	*	any
microsoft	windows_server_2012	r2	any
microsoft	windows_server_2016	*	<10.0.14393.8422
microsoft	windows_server_2019	*	<10.0.17763.7792
microsoft	windows_server_2022	*	<10.0.20348.4106
microsoft	windows_server_2022_23h2	*	<10.0.25398.1849

msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54101

Vendor Advisory
vicarius.io https://www.vicarius.io/vsociety/posts/cve-2025-54101-detection-script-remote-code-execution-vulnerability-affecting-windows-smbv3
vicarius.io https://www.vicarius.io/vsociety/posts/cve-2025-54101-mitigation-script-remote-code-execution-vulnerability-affecting-windows-smbv3

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.