CVE-2025-33054
Published: 08 July 2025
Summary
CVE-2025-33054 is a high-severity Insufficient UI Warning of Dangerous Operations (CWE-357) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Remote Desktop Protocol (T1021.001); ranked in the top 21.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and SC-11 (Trusted Path).
Deeper analysis
The vulnerability CVE-2025-33054 stems from insufficient UI warnings of dangerous operations in the Remote Desktop Client. This flaw, tracked under CWE-357, enables spoofing and carries a CVSS 3.1 score of 8.1 reflecting network attack vector, low complexity, no required privileges, and required user interaction leading to high confidentiality and integrity impacts.
An unauthorized attacker can exploit the issue remotely over a network to conduct spoofing attacks against users of the Remote Desktop Client, potentially tricking them into approving unsafe operations without adequate visual cues.
Microsoft's Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33054 addresses the vulnerability and is the primary source for official mitigation guidance. The associated EPSS score remains flat at 0.0116 with no material increase observed since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20659
Vulnerability details
Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in RDP client UI warnings directly enables spoofing/MitM-style abuse of Remote Desktop Protocol connections via user interaction.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
AC-17 requires protections against spoofing for remote access, directly mitigating the network-based spoofing enabled by insufficient UI warnings in the Remote Desktop Client.
SC-11 establishes a trusted path that prevents spoofing over remote connections, addressing the UI spoofing vulnerability in RDP sessions.
SC-23 ensures the authenticity of remote sessions, countering the spoofing attack that exploits poor UI warnings in the Remote Desktop Client.