CVE-2025-47978: Windows Kerberos Denial of Service Vulnerability

Overview

Severity

Medium (CVSS 6.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Category

Denial of Service

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Patch Tuesday

2025-Jul

Released

2025-07-08

EPSS Score

0.61% (percentile: 69.8%)

Description

Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.

Affected Products (5)

Windows

• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows Server 2025 (Server Core installation)
• Windows Server 2022, 23H2 Edition (Server Core installation)
• Windows Server 2025

Security Updates (3)

• 5062572
• 5062553
• 5062570

Acknowledgments

<a href="https://www.linkedin.com/in/eliran-partush-22248710/">Eliran Partush </a> with <a href="https://www.silverfort.com/">Silverfort</a>, <a href="https://www.linkedin.com/in/dorsegal/">Dor Segal</a> with <a href="https://www.silverfort.com/">Silverfort</a>

Revision History

• 2025-07-08: Information published.