#VU110752 Use of uninitialized resource in Windows - CVE-2025-33070

Cybersecurity Help s.r.o.

Published: 2025-06-10

Vulnerability identifier: #VU110752

Vulnerability risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-33070

CWE-ID: CWE-908

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Windows
Operating systems & Components / Operating system

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in Windows Netlogon. A remote attacker can pass specially crafted data to the application, trigger uninitialized usage of resources and gain domain administrator privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Windows: 10 1809 10.0.17763.1, 10 1809 10.0.17763.55, 10 1809 10.0.17763.107, 10 1809 10.0.17763.134, 10 1809 10.0.17763.168, 10 1809 10.0.17763.194, 10 1809 10.0.17763.195, 10 1809 10.0.17763.253 - 10 1809 10.0.17763.2213, 10 1809 10.0.17763.292 - 10 1809 10.0.17763.2510, 10 1809 10.0.17763.316, 10 1809 10.0.17763.348, 10 1809 10.0.17763.379, 10 1809 10.0.17763.404, 10 1809 10.0.17763.437, 10 1809 10.0.17763.439, 10 1809 10.0.17763.475, 10 1809 10.0.17763.503, 10 1809 10.0.17763.504, 10 1809 10.0.17763.529, 10 1809 10.0.17763.557, 10 1809 10.0.17763.592, 10 1809 10.0.17763.593, 10 1809 10.0.17763.615, 10 1809 10.0.17763.652, 10 1809 10.0.17763.678, 10 1809 10.0.17763.720, 10 1809 10.0.17763.737, 10 1809 10.0.17763.740, 10 1809 10.0.17763.774, 10 1809 10.0.17763.775, 10 1809 10.0.17763.805, 10 1809 10.0.17763.832, 10 1809 10.0.17763.864, 10 1809 10.0.17763.914, 10 1809 10.0.17763.973, 10 1809 10.0.17763.1012, 10 1809 10.0.17763.1039, 10 1809 10.0.17763.1075, 10 1809 10.0.17763.1098, 10 1809 10.0.17763.1131, 10 1809 10.0.17763.1132, 10 1809 10.0.17763.1158, 10 1809 10.0.17763.1192, 10 1809 10.0.17763.1217, 10 1809 10.0.17763.1282, 10 1809 10.0.17763.1294, 10 1809 10.0.17763.1339, 10 1809 10.0.17763.1369, 10 1809 10.0.17763.1397, 10 1809 10.0.17763.1432, 10 1809 10.0.17763.1457, 10 1809 10.0.17763.1490, 10 1809 10.0.17763.1518, 10 1809 10.0.17763.1554, 10 1809 10.0.17763.1577, 10 1809 10.0.17763.1579, 10 1809 10.0.17763.1613, 10 1809 10.0.17763.1637, 10 1809 10.0.17763.1697, 10 1809 10.0.17763.1728, 10 1809 10.0.17763.1757, 10 1809 10.0.17763.1790, 10 1809 10.0.17763.1817, 10 1809 10.0.17763.1821, 10 1809 10.0.17763.1823, 10 1809 10.0.17763.1852, 10 1809 10.0.17763.1879, 10 1809 10.0.17763.1911, 10 1809 10.0.17763.1935, 10 1809 10.0.17763.1971, 10 1809 10.0.17763.2565, 10 1809 10.0.17763.2628, 10 1809 10.0.17763.2686, 10 1809 10.0.17763.2746, 10 1809 10.0.17763.2803, 10 1809 10.0.17763.2867, 10 1809 10.0.17763.2928, 10 1809 10.0.17763.2931, 10 1809 10.0.17763.2989, 10 1809 10.0.17763.3046, 10 1809 10.0.17763.3113, 10 1809 10.0.17763.3165, 10 1809 10.0.17763.3232, 10 1809 10.0.17763.3287, 10 1809 10.0.17763.3346, 10 1809 10.0.17763.3406, 10 1809 10.0.17763.3469, 10 1809 10.0.17763.3532, 10 1809 10.0.17763.3534, 10 1809 10.0.17763.3650, 10 1809 10.0.17763.3653, 10 1809 10.0.17763.3770, 10 1809 10.0.17763.3772, 10 1809 10.0.17763.3887, 10 1809 10.0.17763.4010, 10 1809 10.0.17763.4131, 10 1809 10.0.17763.4252, 10 1809 10.0.17763.4377, 10 1809 10.0.17763.4499, 10 1809 10.0.17763.4645

External links
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33070

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Privilege escalation in Microsoft Windows Netlogon