Security Feature Bypass in App Control for Business by Microsoft
CVE-2025-33069

5.1MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows Server 2025 (server Core Installation); Windows 11 Version 24h2; Windows Server 2025
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-33069?

A security feature bypass vulnerability exists in Microsoft App Control for Business due to improper verification of cryptographic signatures. This flaw may allow unauthorized attackers to bypass critical security measures locally, potentially exposing sensitive data and system integrity. Organizations utilizing this software should ensure timely updates to mitigate any associated risks.

Affected Version(s)

Windows 11 Version 24H2 ARM64-based Systems 10.0.26100.0 < 10.0.26100.4349

Windows Server 2025 (Server Core installation) x64-based Systems 10.0.26100.0 < 10.0.26100.4349

Windows Server 2025 x64-based Systems 10.0.26100.0 < 10.0.26100.4349

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 15, 2025