CVE-2025-33053
HIGH severity · CVSS 8.8 · CWE-73 · actively exploited (CISA KEV)
8.8CVSS HIGH ● exploited
🔴 Actively exploited in the wild (CISA Known Exploited Vulnerabilities).
Added to KEV 2025-06-10. US federal agencies must patch by 2025-07-01.
Summary
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionRequired
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)50%
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.
Additional information
- NVD record
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053Advisory
- https://www.vicarius.io/vsociety/posts/cve-2025-33053-mitigation-script-remote-code-execution-vulnerability-in-microsoft-webdavAdvisory
- https://therecord.media/microsoft-cisa-zero-day-turkish-defense-org
- https://www.bleepingcomputer.com/news/security/stealth-falcon-hackers-exploited-windows-webdav-zero-day-to-drop-malware/
- https://www.darkreading.com/vulnerabilities-threats/stealth-falcon-apt-exploits-microsoft-rce-zero-day-mideast
- https://www.theregister.com/2025/06/10/microsoft_patch_tuesday_june/
- https://research.checkpoint.com/2025/stealth-falcon-zero-day/Exploit
- https://www.vicarius.io/vsociety/posts/cve-2025-33053-detection-script-remote-code-execution-vulnerability-in-microsoft-webdavAdvisory