CVE-2025-33050 Overview
CVE-2025-33050 is a denial-of-service vulnerability in the Microsoft Windows DHCP Server service. The flaw stems from a protection mechanism failure [CWE-693] that allows an unauthenticated remote attacker to disrupt DHCP service availability over the network. An attacker can send crafted traffic to a vulnerable DHCP server and prevent it from servicing legitimate DHCP requests. Because DHCP is foundational to IP address allocation, a successful attack can cascade into widespread network connectivity failures for clients dependent on dynamic addressing. Microsoft addressed the issue in its June 2025 security update cycle.
Critical Impact
Unauthenticated remote attackers can disable DHCP services on affected Windows Server hosts, preventing IP address assignment and breaking network connectivity for downstream clients.
Affected Products
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows Server 2022 (including 23H2)
- Microsoft Windows Server 2025
Discovery Timeline
- 2025-06-10 - CVE-2025-33050 published to NVD
- 2025-06-10 - Microsoft releases security update addressing CVE-2025-33050
- 2025-07-10 - Last updated in NVD database
Technical Details for CVE-2025-33050
Vulnerability Analysis
The vulnerability resides in the Windows DHCP Server role, which handles dynamic IP address allocation using the Dynamic Host Configuration Protocol. The flaw is classified under [CWE-693] Protection Mechanism Failure, indicating that a safeguard intended to prevent abusive or malformed input does not function as designed. An attacker exploiting this weakness can render the DHCP service unresponsive without authenticating or interacting with a user. Because the attack targets availability only, confidentiality and integrity remain unaffected. The EPSS probability of 10.844% places this vulnerability in the 93rd percentile for likelihood of exploitation activity.
Root Cause
The root cause is an inadequate protection mechanism within the DHCP Server service that fails to properly validate or constrain specific network input. When the protective control is bypassed or exhausted, the service enters a state where it can no longer process DHCP DISCOVER, REQUEST, or related messages from clients. Microsoft has not published low-level technical details beyond the advisory.
Attack Vector
The attack is conducted over the network against UDP port 67, where the DHCP server listens. No authentication, privileges, or user interaction are required. An attacker with network reachability to the DHCP server, including an adversary on the local broadcast domain or one that has pivoted into an internal network segment, can transmit crafted DHCP traffic that triggers the protection mechanism failure and halts service availability.
No public proof-of-concept exploit code or verified technical write-up is available at this time. Refer to the Microsoft Security Update Guide for CVE-2025-33050 for vendor-supplied details.
Detection Methods for CVE-2025-33050
Indicators of Compromise
- Sudden cessation of DHCP lease grants or renewals across an environment despite an apparently running DHCP service
- Unusual volume or malformed DHCP traffic directed at UDP port 67 on the DHCP server
- DHCP service crashes, hangs, or repeated restarts recorded in the Windows System and DHCP Server event logs
- Spikes in client-side DHCP failed events and devices falling back to APIPA (169.254.x.x) addresses
Detection Strategies
- Monitor the Windows DHCP Server service state and key event IDs (e.g., 1056, 1059, 10031) for abnormal patterns or service termination
- Inspect network telemetry for high-rate or anomalously structured DHCP packets originating from a single host or subnet
- Correlate DHCP service degradation with concurrent network-layer events to identify intentional disruption versus capacity issues
Monitoring Recommendations
- Alert on DHCP Server service stop, restart, or unresponsive states from infrastructure monitoring
- Track DHCP scope utilization, lease grant rates, and NACK counts to detect availability regressions
- Capture and retain packet samples on DHCP-facing interfaces to support incident triage and forensic analysis
How to Mitigate CVE-2025-33050
Immediate Actions Required
- Apply the Microsoft June 2025 security update to all Windows Server hosts running the DHCP Server role
- Inventory all systems where the DHCP Server role is enabled, including domain controllers and branch office servers, and prioritize patching
- Restrict network paths to UDP port 67 so that only trusted client segments can reach DHCP servers
Patch Information
Microsoft published security updates for all affected Windows Server versions on June 10, 2025. Administrators should consult the Microsoft Security Update Guide for CVE-2025-33050 to identify the specific KB articles for Windows Server 2016, 2019, 2022, 2022 23H2, and 2025, then deploy the updates through Windows Update, WSUS, or Microsoft Configuration Manager.
Workarounds
- Deploy redundant DHCP servers with failover or split-scope configurations to maintain availability if one server is disrupted
- Use DHCP snooping and rate limiting on access switches to constrain malicious DHCP traffic from untrusted ports
- Segment DHCP infrastructure behind firewall rules that permit DHCP traffic only from authorized VLANs and relay agents
- Disable the DHCP Server role on hosts where it is not required to reduce attack surface
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

