Cyber Posture

CVE-2025-50171

Critical

Published: 12 August 2025
Modified: 14 August 2025
KEV Added: not listed
Patch: see the MSRC advisory linked below
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0041 (61.2th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-50171 is a critical-severity Missing Authorization (CWE-862) vulnerability in Microsoft Windows Server 2022 (the affected-products list below also covers the other affected Windows Server releases). Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique External Remote Services (T1133). The CVE ranks in the top 38.8% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and AC-3 (Access Enforcement). These controls complement, rather than replace, the vendor update described in the MSRC advisory linked below.

Threat & Defense at a Glance

What attackers do: exploitation maps to External Remote Services (T1133) and one other technique listed below.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

Prevent: AC-3 requires systems to enforce approved authorizations for access, directly addressing the missing authorization that enables unauthorized spoofing in Remote Desktop Server.

Prevent: SC-23 protects the authenticity of communications sessions, preventing spoofing attacks over the network in Remote Desktop Server.

Prevent: AC-17 authorizes and manages remote access connections, mitigating unauthorized network access and spoofing in Remote Desktop Server.

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1133 External Remote Services (Persistence): Adversaries may leverage external-facing remote services to initially access and/or persist within a network.
T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Missing authorization in an exposed RDP server directly enables unauthenticated network spoofing for initial access, whether via external remote services or public-facing application exploitation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.

Deeper analysis [AI-generated]

CVE-2025-50171 is a missing authorization vulnerability in Remote Desktop Server that enables an unauthorized attacker to perform spoofing over a network. Associated with CWE-862 (Missing Authorization), it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and was published on 2025-08-12T18:15:35.883.

The vulnerability can be exploited by any unauthenticated attacker with network access: the CVSS vector records low attack complexity, no privileges required, and no user interaction. Successful exploitation has high confidentiality and integrity impact (availability is not affected), allowing the attacker to spoof identities or sessions in Remote Desktop Server, potentially leading to unauthorized data access and modification.

Mitigation guidance is available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50171.

Details

CWE(s): CWE-862 (Missing Authorization)

Affected Products
Microsoft Windows Server 2022, versions ≤ 10.0.20348.3989
Microsoft Windows Server 2022 23H2, versions ≤ 10.0.25398.1791
Microsoft Windows Server 2025, versions ≤ 10.0.26100.4851

CVEs Like This One

CVE-2025-49723 (same product: Microsoft Windows Server 2022)
CVE-2026-21243 (same product: Microsoft Windows Server 2022)
CVE-2025-59287 (same product: Microsoft Windows Server 2022)
CVE-2025-50163 (same product: Microsoft Windows Server 2022)
CVE-2025-24064 (same product: Microsoft Windows Server 2022)
CVE-2025-54106 (same product: Microsoft Windows Server 2022)
CVE-2025-21309 (same product: Microsoft Windows Server 2022)
CVE-2026-26154 (same product: Microsoft Windows Server 2022)
CVE-2025-49735 (same product: Microsoft Windows Server 2022)
CVE-2025-21326 (same product: Microsoft Windows Server 2022 23H2)

References