Skip to main content

Windows 11 24h2 EUVDEUVD-2025-17738

| CVE-2025-33070 HIGH
Use of Uninitialized Resource (CWE-908)
2025-06-10 secure@microsoft.com
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:41 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
10.0.22631.5472,6.1.7601.27769,10.0.26100.4349
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17738
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 17:22 nvd
HIGH 8.1

DescriptionCVE.org

Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.

AnalysisAI

Use-of-uninitialized-resource vulnerability in Windows Netlogon that allows unauthenticated network attackers to achieve privilege escalation through a complex exploitation path. The vulnerability affects Windows systems running Netlogon services and enables remote code execution with high impact on confidentiality, integrity, and availability. Given the network-based attack vector and lack of authentication requirements, this represents a significant threat to networked Windows environments, though exploitation requires specific conditions (high attack complexity).

Technical ContextAI

Windows Netlogon is a critical authentication protocol and service (netlogon.dll) responsible for secure communication between Windows systems and domain controllers. CWE-908 (Use of Uninitialized Resource) indicates that the vulnerability stems from uninitialized memory being referenced during Netlogon operations, potentially allowing an attacker to read or manipulate memory contents over the network. This class of vulnerability is particularly dangerous in authentication protocols because uninitialized buffers may contain sensitive data (session keys, credentials) or allow exploitation of predictable memory states. The flaw exists at the network-facing Netlogon RPC interface, making it remotely exploitable without prior system access. Affected CPE would typically include: cpe:2.3:o:microsoft:windows:* with Netlogon service enabled, and potentially cpe:2.3:a:microsoft:netlogon:* across multiple Windows versions (Server 2016-2022, Windows 10-11).

RemediationAI

Immediate actions: (1) Apply Microsoft security updates for Windows Netlogon immediately upon release—patch all affected Windows Server and client systems; (2) Monitor Microsoft Security Update Guide (portal.msrc.microsoft.com) for CVE-2025-33070 patch availability and KB article; (3) Temporary mitigations while awaiting patches: restrict network access to Netlogon RPC endpoints (TCP/UDP 135, 139, 445) using firewall rules, limit to trusted domain controller IPs; (4) Disable unnecessary Netlogon service where not required (non-domain-joined systems); (5) Implement network segmentation to restrict lateral movement from compromised systems; (6) Deploy endpoint detection and response (EDR) to monitor for anomalous Netlogon RPC traffic and privilege escalation attempts. Prioritize domain controller patching first, then domain-joined servers, then clients. Expected patch availability: coordinate with Microsoft monthly patch cycles or emergency out-of-band releases if active exploitation emerges.

CVE-2025-33053 HIGH POC
8.8 Jun 10

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables

CVE-2025-33073 HIGH POC
8.8 Jun 10

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker

CVE-2025-21293 HIGH POC
8.8 Jan 14

Active Directory Domain Services contains an elevation of privilege vulnerability that allows authenticated domain users

CVE-2025-30397 HIGH POC
7.5 May 13

Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the

CVE-2025-32706 HIGH POC
7.8 May 13

Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulne

CVE-2025-21418 HIGH
7.8 Feb 11

Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation

CVE-2026-21510 HIGH POC
8.8 Feb 10

Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote atta

CVE-2025-47827 MEDIUM POC
4.6 Jun 05

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptograph

CVE-2026-21519 HIGH
7.8 Feb 10

Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables

CVE-2025-32701 HIGH
7.8 May 13

Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a se

CVE-2025-21391 HIGH
7.1 Feb 11

Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attack

CVE-2025-32709 HIGH
7.8 May 13

Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a nu

Share

EUVD-2025-17738 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy