CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
Analysis (AI)
This is a use-of-uninitialized-resource vulnerability in Windows Netlogon that allows unauthenticated network attackers to achieve privilege escalation through a complex exploitation path. The vulnerability affects Windows systems running Netlogon services and enables remote code execution with high impact on confidentiality, integrity, and availability. Given the network-based attack vector and lack of authentication requirements, this represents a significant threat to networked Windows environments, though exploitation requires specific conditions (high attack complexity).
Technical Context (AI)
Windows Netlogon is a critical authentication protocol and service (netlogon.dll) responsible for secure communication between Windows systems and domain controllers. CWE-908 (Use of Uninitialized Resource) indicates that the vulnerability stems from uninitialized memory being referenced during Netlogon operations, potentially allowing an attacker to read or manipulate memory contents over the network. This class of vulnerability is particularly dangerous in authentication protocols because uninitialized buffers may contain sensitive data (session keys, credentials) or allow exploitation of predictable memory states. The flaw exists at the network-facing Netlogon RPC interface, making it remotely exploitable without prior system access. Affected CPE would typically include: cpe:2.3:o:microsoft:windows:* with Netlogon service enabled, and potentially cpe:2.3:a:microsoft:netlogon:* across multiple Windows versions (Server 2016-2022, Windows 10-11).
Remediation (AI)
Immediate actions:
(1) Apply Microsoft security updates for Windows Netlogon immediately upon release; patch all affected Windows Server and client systems.
(2) Monitor Microsoft Security Update Guide (portal.msrc.microsoft.com) for CVE-2025-33070 patch availability and KB article.
(3) Temporary mitigations while awaiting patches: restrict network access to Netlogon RPC endpoints (TCP/UDP 135, 139, 445) using firewall rules, limiting access to trusted domain controller IPs.
(4) Disable unnecessary Netlogon service where not required (non-domain-joined systems).
(5) Implement network segmentation to restrict lateral movement from compromised systems.
(6) Deploy endpoint detection and response (EDR) to monitor for anomalous Netlogon RPC traffic and privilege escalation attempts.
Prioritize domain controller patching first, then domain-joined servers, then clients. Expected patch availability: coordinate with Microsoft monthly patch cycles or emergency out-of-band releases if active exploitation emerges.
EUVD-2025-17738