What is the CVSS score of EUVD-2025-20659?

EUVD-2025-20659 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.1%.

Which versions of Windows 11 22h2 are affected by EUVD-2025-20659?

CVE-2025-33054 affects Remote Desktop Client and involves insufficient UI warnings for dangerous operations, enabling attackers to trick users into executing harmful actions without adequate security…. A patch is available.

How to fix or mitigate EUVD-2025-20659?

Within 24 hours: Identify all systems running affected Remote Desktop Client versions and prepare patch deployment plan. Within 7 days: Apply vendor-released patch to all Remote Desktop Client installations; prioritize administrative and sensitive system access points. Within 30 days: Verify patch deployment completion across entire organization and conduct user awareness training on recognizing social engineering attempts exploiting this vulnerability type.

Windows 11 22h2 EUVD-2025-20659

| CVE-2025-33054 HIGH

Insufficient UI Warning of Dangerous Operations (CWE-357)

2025-07-08 secure@microsoft.com

Authentication Bypass Microsoft Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 Windows Server 2025

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:33 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

10.0.22631.5624,10.0.26100.4652,10.0.22621.5624

EUVD ID Assigned

Mar 16, 2026 - 04:21 euvd

EUVD-2025-20659

Analysis Generated

Mar 16, 2026 - 04:21 vuln.today

CVE Published

Jul 08, 2025 - 17:15 nvd

HIGH 8.1

DescriptionNVD

Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.

AnalysisAI

A security vulnerability in Insufficient UI warning of dangerous operations in Remote Desktop Client (CVSS 8.1) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Technical ContextAI

Vulnerability type not specified by vendor. CVSS 8.1 indicates high severity. Affects Insufficient UI warning of dangerous operations in Remote Desktop Client.