Impact
A stack‑based buffer overflow in the Windows Netlogon service allows an attacker who is not authenticated to execute arbitrary code on the target server over the network.
Affected Systems
Microsoft Windows Server 2012, 2012 R2, 2016, 2019, 2022 (including the 23H2 edition), and 2025, including their Server Core installations on 64‑bit builds. The specific affected versions are not listed in the advisory, so only the vendor and product names are known.
Risk and Exploitability
The CVSS base score of 9.8 classifies the vulnerability as critical, and the EPSS value of 72% indicates that the likelihood of active exploitation is high. It is not listed in the CISA KEV catalog. Attackers must be able to reach the vulnerable Netlogon service on the target server; once the stack overflow is triggered, arbitrary code execution is possible. The combination of a critical severity score and a high exploitation probability underscores the need for rapid remediation.
OpenCVE Enrichment