CVE-2025-33053 is a remote code execution vulnerability in Windows Internet Shortcut Files that requires user interaction (clicking malicious WebDAV links). While it has CVSS attack vector NETWORK, it primarily relies on spearphishing rather than direct exploitation of internet-facing services.
Data Source: CIRCL
Confidence: MEDIUM
Exploitation Method: PHISHING
CVE Published: 2025-06-10
Added to CISA KEV: 2025-06-10 0 DAY BETWEEN CVE AND KEV
The WebDAV zero-day (CVE-2025-33053) poses an immediate risk to organizations with internet-facing systems, while the SMB vulnerability (CVE-2025-33073) threatens internal network security. Microsoft Patch Tuesday June 2025 List.
CVE-2025-33053 specifically affects the server-side implementation, making internet-facing WebDAV servers particularly vulnerable to remote ...
A critical zero-day vulnerability in WebDAV implementations that enables remote code execution, with proof-of-concept exploit code now publicly available on GitHub. The vulnerability, tracked as CVE-2025-33053, has reportedly been actively exploited by advanced persistent threat (APT) groups in targeted campaigns against enterprise networks.
vulnerabilities. CVE-2025-33053: a good reason to update Windows.CVE-2025-33053 has a fairly high rating on the Common Vulnerability Scoring System scale — 8.8; its exploitation has been detected in the wild
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.