CVE-2025-33069

Published: Jun 10, 2025Modified: Jul 10, 2025

5.1

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.5 / Impact: 2.5

Source: secure@microsoft.com (Secondary)

Description

Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally.

Affected (2)

Products: Microsoft: Windows 11 24h2, Windows Server 2025

Microsoft

2 products

Windows 11 24h2

Windows Server 2025

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 11 24h2	Before 10.0.26100.4270
Microsoft Windows Server 2025	Before 10.0.26100.4270

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33069

Source: secure@microsoft.com

Vendor Advisory

Timeline

No history available yet.