CVE-2025-50171 CRITICAL

CVE-2025-50171: Remote Desktop Spoofing Vulnerability

Vendor Microsoft
Product Windows 10 Version 21H2
Weakness CWE-862 · Missing authorization
Published August 12, 2025
Last update February 13, 2026
View on NVD All CVEs

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

What the vulnerability does

01Description

Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.

Key dates

02Disclosure timeline

August 12, 2025 CVE published
February 13, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-6685 ATEN eco DC Missing Authorization Privilege Escalation Vulnerability CVE-2025-11172 Check Plagiarism <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update CVE-2026-5371 MonsterInsights <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset CVE-2023-47757 WordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access Control CVE-2023-47762 WordPress BetterDocs plugin <= 2.5.2 - Broken Access Control vulnerability