CVE-2025-33054 — Insufficient UI Warning of Dangerous Operations in Microsoft Windows 11 Version 22h2

CWE-357 — Insufficient UI Warning of Dangerous Operations4 documents4 sources

Severity

8.1HIGHNVD

EPSS

0.3%

top 44.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 11 Version 22h2 Microsoft Windows 11 Version 22h3 Microsoft Windows 11 Version 23h2 +5 more

Timeline

PublishedJul 8

Description

Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages9 packages

▶NVDmicrosoft/windows< 10.0.26100.4652

▶NVDmicrosoft/windows_11_22h2< 10.0.22621.5624

▶NVDmicrosoft/windows_11_23h2< 10.0.22631.5624

▶NVDmicrosoft/windows_11_24h2< 10.0.26100.4652

▶CVEListV5microsoft/windows_server_202510.0.26100.0 — 10.0.26100.4652

🔴Vulnerability Details

CVEList

Remote Desktop Spoofing Vulnerability↗2025-07-08

▶

GHSA

GHSA-vp57-5mpg-g6cq: Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network↗2025-07-08

▶

📋Vendor Advisories

Microsoft

Remote Desktop Spoofing Vulnerability↗2025-07-08

▶