CVE-2025-26680

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26680	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016::::::::
	cpe:2.3:o:microsoft:windows_server_2019::::::::
	cpe:2.3:o:microsoft:windows_server_2022::::::::
	cpe:2.3:o:microsoft:windows_server_2025::::::::

History

09 Jul 2025, 16:35

Type	Values Removed	Values Added
References	~~() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26680 -~~	() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26680 - Vendor Advisory
CPE		cpe:2.3:o:microsoft:windows_server_2019:::::::: cpe:2.3:o:microsoft:windows_server_2025:::::::: cpe:2.3:o:microsoft:windows_server_2022:::::::: cpe:2.3:o:microsoft:windows_server_2016:::::::: cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
First Time		Microsoft Microsoft windows Server 2019 Microsoft windows Server 2012 Microsoft windows Server 2025 Microsoft windows Server 2022 Microsoft windows Server 2016

09 Apr 2025, 20:03

Type	Values Removed	Values Added
Summary		(es) El consumo descontrolado de recursos en el Servicio de administración de almacenamiento basado en estándares de Windows permite que un atacante no autorizado deniegue el servicio a través de una red.

08 Apr 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-08 18:15

Updated : 2025-07-09 16:35

NVD link : CVE-2025-26680

Mitre link : CVE-2025-26680

CVE.ORG link : CVE-2025-26680

JSON object : View

Products Affected

microsoft

windows_server_2025
windows_server_2016
windows_server_2012
windows_server_2022
windows_server_2019

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2025-26680", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secure@microsoft.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-04-08T18:15:52.667", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26680", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "secure@microsoft.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network."}, {"lang": "es", "value": "El consumo descontrolado de recursos en el Servicio de administraci\u00f3n de almacenamiento basado en est\u00e1ndares de Windows permite que un atacante no autorizado deniegue el servicio a trav\u00e9s de una red."}], "lastModified": "2025-07-09T16:35:03.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259", "versionEndExcluding": "10.0.14393.7969"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A", "versionEndExcluding": "10.0.17763.7136"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970", "versionEndExcluding": "10.0.20348.3453"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99601356-2DEE-482F-BCBC-A5C7D92D2D74", "versionEndExcluding": "10.0.26100.3775"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}

7.5 /10