CVE-2025-50171Missing Authorization in Microsoft Windows Server 2022

CWE-862Missing AuthorizationCWE-401Missing Release of Memory after Effective Lifetime5 documents4 sources
Severity
9.1CRITICALNVD
EPSS
0.1%
top 69.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Microsoft Windows 10 Version 21h2Microsoft Windows 10 Version 22h2Microsoft Windows 11 Version 22h2+6 more
Timeline
PublishedAug 12

Description

Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages9 packages

CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.4052
CVEListV5microsoft/windows_server_202510.0.26100.010.0.26100.4946
NVDmicrosoft/windows< 10.0.20348.3989+2
CVEListV5microsoft/windows_10_version_21h210.0.19044.010.0.19044.6216
CVEListV5microsoft/windows_10_version_22h210.0.19045.010.0.19045.6216

🔴Vulnerability Details

2
CVEList
Remote Desktop Spoofing Vulnerability2025-08-12
GHSA
GHSA-f3vj-5hwj-h699: Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network2025-08-12

📋Vendor Advisories

2
Microsoft
Remote Desktop Spoofing Vulnerability2025-08-12
Microsoft
net: systemport: fix potential memory leak in bcm_sysport_xmit()2024-11-12
CVE-2025-50171 — Missing Authorization in Microsoft | cvebase