Remote Code Execution Flaw in Windows KDC Proxy Service Exposes Systems
CVE-2025-33071

8.1 HIGH

What is CVE-2025-33071?

A use-after-free vulnerability in the Windows KDC Proxy Service (KPSSVC) allows unauthorized users to execute arbitrary code over a network. If exploited, the flaw could let an attacker gain control of affected systems remotely. Regular updates and vulnerability management are essential to mitigate this risk.

Affected Version(s)

Windows Server 2012 (Server Core installation) x64-based Systems 6.2.9200.0 < 6.2.9200.25522

Windows Server 2012 R2 (Server Core installation) x64-based Systems 6.3.9600.0 < 6.3.9600.22620

Windows Server 2012 R2 x64-based Systems 6.3.9600.0 < 6.3.9600.22620

News Articles

Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild

Microsoft patches 67 vulnerabilities, including a WEBDAV zero-day actively exploited by Stealth Falcon. Critical for enterprise security.

3 days ago

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved
