FAQ
How could an attacker exploit the vulnerability? An attacker could exploit this vulnerability by sending a malicious message to the server, potentially leading to remote code execution.
MSRC compact vulnerability detail
CVE-2025-47981 · SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
Signals
Windows SPNEGO Extended Negotiation
Remote Code Execution
Exploited: No
Publicly disclosed: No
Exploitability: Exploitation More Likely
CWE
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Description
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
FAQ / Articles
Windows Kerberos Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Kerberos allows an unauthorized attacker to execute code over a network.
Windows SPNEGO Extended Negotiation Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
FAQ
What is SPNEGO Extended Negotiation? The SPNEGO Extended Negotiation Security Mechanism (NEGOEX) extends Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) described in [RFC4178]. Please see SPNEGO Overview for more information.
Mitigation
The following mitigating factors might be helpful in your situation: This vulnerability affects Windows client machines running Windows 10, version 1607 and above, due to the following GPO being enabled by default on these operating systems: "Network security: Allow PKU2U authentication requests to this computer to use online identities".