Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: High severity vulnerability, CVE-2025-55231 in Windows Storage allowing remote code execution, Patch Immediately!
Image
Published : 22/08/2025
* Last update: 22/08/2025
* Affected software:: Windows Storage (component)
• Windows Server 2012 R2 (Server Core) build: 6.3.9600.22767
• Windows Server 2012 R2 build: 6.3.9600.22767
• Windows Server 2016 (Server Core) build: 10.0.14393.8416
• Windows Server 2016 build: 10.0.14393.8416
• Windows Server 2025 build: 10.0.26100.6563
• Windows Server 2025 (Server Core) build: 10.0.26100.6563
• Windows Server 2022 (Server Core) build: 10.0.20348.4161
• Windows Server 2022 build: 10.0.20348.4161
• Windows Server 2019 (Server Core) build: 10.0.17763.7783
• Windows Server 2019 build: 10.0.17763.7783* Type: Improper Access Control
* CVE/CVSS
→ CVE-2025-55231: CVSS 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Sources
Microsoft https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55231
Risks
CVE-2025-55231 is a race condition in Windows Storage, arising from improper synchronisation of shared resources. An attacker can exploit this condition remotely to execute arbitrary code.
This vulnerability has significant impact on confidentiality, integrity, and availability.
The attack surface associated with this vulnerability is significantly broadened by the fact that multiple Windows Server distributions and build versions are affected. This diversity of exposure provides a potential attacker with a wide range of viable targets across enterprise environments, thereby increasing the likelihood of successful exploitation and reducing the defender’s ability to uniformly mitigate risk.
There is currently no evidence of this vulnerability being actively exploited.
Description
This vulnerability allows attackers to:
• Execute arbitrary code remotely, enabling full compromise of the Windows Storage service and potentially the underlying operating system.
• Access, modify, or delete sensitive data stored within networked Windows Storage volumes, impacting business-critical information.
• Establish persistence and lateral movement, as control over a storage subsystem could be leveraged to drop backdoors, create rogue processes, or pivot deeper into enterprise networks.
• Target enterprise environments, since Windows Storage services often underpin file shares, backups, and critical data repositories, making exploitation highly impactful to confidentiality, integrity, and availability.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-55231