CVE-2025-33053 is a remote code execution vulnerability in Windows Internet Shortcut Files that requires user interaction (clicking malicious WebDAV links). While it has CVSS attack vector NETWORK, it primarily relies on spearphishing rather than direct exploitation of internet-facing services.
Data Source: CIRCL
Confidence: MEDIUM
Exploitation Method: PHISHING
CVE Published: 2025-06-10
Added to CISA KEV: 2025-06-10 (0 days between CVE publication and KEV listing)
CVE-2025-33053 is a critical remote code execution (RCE) vulnerability affecting the Microsoft Windows WebDAV client. Here's what is known about its exploitation:
1. Internet-Facing Applications/Services: The vulnerability impacts internet-facing WebDAV servers, posing a significant risk to organizations with such systems [1][2].
2. Active Exploitation: There is confirmed evidence of active exploitation of this vulnerability in the wild [3][4].
3. Attack Vectors and Exploitation Methods:
   - The vulnerability stems from external control of file names or paths in Internet Shortcut Files [5][6].
   - Attackers can achieve RCE if a victim clicks a link to a malicious WebDAV server they control [7].
   - Spearphishing links are a known sub-technique used in these attacks [7].
   - Successful exploitation allows attackers to execute arbitrary code remotely without dropping malicious files locally, making their operations stealthy [8].
4. Targeted Attacks:
   - Advanced Persistent Threat (APT) groups, such as Stealth Falcon, have actively exploited this vulnerability in targeted campaigns [3][9].
   - It has been used in attacks against a major Turkish defense company [9].
5. CISA Known Exploited Vulnerabilities (KEV) Status: CISA has added CVE-2025-33053 to its KEV Catalog due to evidence of active exploitation [3].
6. Technical Details on Internet Exploitability:
   - It is a remote code execution flaw with a high CVSS rating of 8.8 [4].
   - The attack complexity is low, meaning exploitation does not require significant effort or advanced skills [4].
   - Attackers can execute arbitrary code over a network through external control of file names or paths in WebDAV [6][5].
The WebDAV zero-day (CVE-2025-33053) poses an immediate risk to organizations with internet-facing systems, while the SMB vulnerability (CVE-2025-33073) threatens internal network security. Microsoft Patch Tuesday June 2025 List.
CVE-2025-33053 specifically affects the server-side implementation, making internet-facing WebDAV servers particularly vulnerable to remote ...
A critical zero-day vulnerability in WebDAV implementations that enables remote code execution, with proof-of-concept exploit code now publicly available on GitHub. The vulnerability, tracked as CVE-2025-33053, has reportedly been actively exploited by advanced persistent threat (APT) groups in targ…
vulnerabilities. CVE-2025-33053: a good reason to update Windows. CVE-2025-33053 has a fairly high rating on the Common Vulnerability Scoring System scale: 8.8; its exploitation has been detected in the wild…
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.