CVE-2025-33056 — Improper Access Control in Microsoft Windows 10 Version 1507

CWE-284 — Improper Access Control4 documents4 sources

Severity

7.5HIGHNVD

EPSS

3.8%

top 11.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1809 +24 more

Timeline

PublishedJun 10

Description

Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages26 packages

▶CVEListV5microsoft/windows_server_2008_service_pack_26.0.6003.0 — 6.0.6003.23351

▶CVEListV5microsoft/windows_server_2008_r2_service_pack_16.1.7601.0 — 6.1.7601.27769

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — 6.2.9200.25522

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.8148

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.7434

🔴Vulnerability Details

CVEList

Windows Local Security Authority (LSA) Denial of Service Vulnerability↗2025-06-10

▶

GHSA

GHSA-9qr2-qm38-64g4: Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network↗2025-06-10

▶

📋Vendor Advisories

Microsoft

Windows Local Security Authority (LSA) Denial of Service Vulnerability↗2025-06-10

▶