CVE-2025-47981 RCE in the Windows SPNEGO Extended Negotiation (NEGOEX) : Pentesting | Torhoo darknet markets

CVE-2025-47981 is a critical security vulnerability in Windows systems, likely affecting versions from Windows 10 (1607) onward and various Windows Server editions

no public exploits being available as of July 12 ,2025

Overview

CVE-2025-47981 is a critical remote code execution (RCE) vulnerability in the Windows SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. It allows an unauthenticated attacker to execute code remotely by sending a crafted message, potentially leading to full system control.

Risk Level

With a CVSSv3 score of 9.8, it’s considered highly severe and classified as "wormable," meaning it could spread automatically across networks

This vulnerability likely affects Windows 10 (version 1607 and later), Windows 11, and various Windows Server versions (2008 R2 SP1 through 2025), especially systems with a specific default-enabled group policy.

Patch and Mitigation :

Microsoft released patches as part of the July 2025 Patch Tuesday update on July 8, 2025. Applying these updates is essential. If patching isn’t immediately possible, disabling the group policy "Network security: Allow PKU2U authentication requests to computer

Current Exploitation Status

As of July 12, 2025, there are no reports of public exploits, but the high likelihood of exploitation suggests attackers may be developing them, given its critical nature.


Technical Details:

Vulnerability Type: Heap-based buffer overflow (CWE-122), enabling remote code execution.

Affected Component: The SPNEGO Extended Negotiation (NEGOEX) Security Mechanism, part of Windows authentication protocols.

CVSS Scoring:

CVSSv3 Score: 9.8 (Critical)

CVSS 4.0 Severity: Not yet provided by NVD as of July 12, 2025.

Attack Vector: Remote, network-based, with no authentication needed, making it highly exploitable over services like SMB (port 445/TCP), RDP (port 3389/TCP), HTTP/S (ports 80, 443/TCP), and SMTP (port 25/TCP).

Sources and References:

https://nvd.nist.gov/vuln/detail/CVE-2025-47981
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-47981
https://www.wiz.io/vulnerability-database/cve/cve-2025-47981
https://www.cert.at/de/warnungen/2025/7/kritische-sicherheitslucke-cve-2025-47981-in-windows-spnego-update-dringend-empfohlen
https://www.helpnetsecurity.com/2025/07/09/microsoft-fixes-critical-wormable-windows-flaw-cve-2025-47981/
https://zeropath.com/blog/windows-spnego-cve-2025-47981-rce