CVE-2025-33054
Published: 08 July 2025
Summary
CVE-2025-33054 is a high-severity Insufficient UI Warning of Dangerous Operations (CWE-357) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Remote Desktop Protocol (T1021.001). The CVE ranks in the top 22.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and SC-11 (Trusted Path).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-17 requires protections against spoofing for remote access, directly mitigating the network-based spoofing enabled by insufficient UI warnings in the Remote Desktop Client.
SC-11 establishes a trusted path that prevents spoofing over remote connections, addressing the UI spoofing vulnerability in RDP sessions.
SC-23 ensures the authenticity of remote sessions, countering the spoofing attack that exploits poor UI warnings in the Remote Desktop Client.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The weak UI warnings in the RDP client directly enable spoofing or MitM-style abuse of Remote Desktop Protocol connections, which is why the technique applies; the attack still depends on user interaction.
NVD Description
Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.
Deeper analysis
CVE-2025-33054 is a vulnerability involving insufficient UI warnings for dangerous operations in the Remote Desktop Client. This flaw allows an unauthorized attacker to perform spoofing over a network. Published on 2025-07-08T17:15:34.063, it is associated with CWE-357 and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).
The vulnerability can be exploited by an unauthorized attacker over the network with low attack complexity and no privileges required, though it necessitates user interaction. Successful exploitation enables the attacker to compromise confidentiality and integrity at a high level, with no impact on availability.
Microsoft's update guide provides details on mitigation for CVE-2025-33054, available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33054.
Details
- CWE(s)