New Attack Combines Ghost SPNs and Kerberos Reflection to Elevate Privileges on SMB Servers

A sophisticated privilege escalation vulnerability in Windows SMB servers, leveraging Ghost Service Principal Names (SPNs) and Kerberos authentication reflection to achieve remote SYSTEM-level access.

Microsoft designated this as CVE-2025-58726, an “SMB Server Elevation of Privilege” flaw impacting all Windows versions absent enforced SMB signing.

According to Semperis, the issue persists in environments with default Active Directory (AD) configurations, underscoring Kerberos’ susceptibility to reflection despite mitigations for related flaws like CVE-2025-33073.

Read more here.