Vulnerability intelligence

CVE-2025-33053 is a remote code execution vulnerability affecting the WebDAV client in Microsoft Windows. It stems from insufficient input validation in WebDAV file path handling, allowing an attacker to execute arbitrary code over a network. Successful exploitation requires a user to click on a specially crafted WebDAV URL, potentially leading to unauthorized access to sensitive system resources, compromise of system integrity and confidentiality, or even full control of the affected system. This vulnerability has been actively exploited in the wild.

CVE-2025-33073 is an elevation of privilege vulnerability affecting the Windows Server Message Block (SMB) client. It stems from improper access control within Windows SMB, potentially allowing an authorized attacker to elevate privileges over a network. To exploit this vulnerability, an attacker could execute a specially crafted script. This script would coerce the victim machine to connect back to the attacker's system using SMB and authenticate, potentially resulting in the attacker gaining SYSTEM privileges.

CVE-2025-33070 is an elevation of privilege vulnerability affecting Windows Netlogon. It stems from the use of an uninitialized resource within the Netlogon service. An unauthorized attacker can exploit this vulnerability to elevate their privileges over a network. This can be achieved by sending specially crafted authentication requests to affected domain controllers. Successful exploitation could allow an attacker to gain domain administrator privileges, potentially giving them significant control over the domain controller.

CVE-2025-24016 is a critical remote code execution (RCE) vulnerability found in the Wazuh security platform, versions 4.4.0 through 4.9.0. It allows attackers to execute arbitrary code on affected Wazuh servers. The vulnerability arises from unsafe deserialization of DistributedAPI (DAPI) parameters. These parameters are serialized as JSON and then deserialized using the `as_wazuh_object` function. Attackers can exploit this by injecting a malicious, unsanitized dictionary into a DAPI request or response, leading to the execution of arbitrary Python code. This vulnerability can be exploited by anyone with API access, potentially including compromised dashboards, other Wazuh servers within a cluster, or even compromised agents, depending on the configuration. Wazuh has addressed this vulnerability in version 4.9.1. Users are strongly encouraged to update to this version to mitigate the risk of exploitation.

CVE-2025-32433 is a vulnerability found in the Erlang/OTP SSH server. It stems from a flaw in the SSH protocol message handling, which allows an attacker with network access to execute arbitrary code on the server without authentication. Specifically, the vulnerability enables a malicious actor to send connection protocol messages before authentication takes place. Successful exploitation could lead to full compromise of the host, unauthorized access, manipulation of sensitive data, or denial-of-service attacks.

CVE-2025-33053 is a remote code execution vulnerability affecting the WebDAV client in Microsoft Windows. It stems from insufficient input validation in WebDAV file path handling, allowing an attacker to execute arbitrary code over a network. Successful exploitation requires a user to click on a specially crafted WebDAV URL, potentially leading to unauthorized access to sensitive system resources, compromise of system integrity and confidentiality, or even full control of the affected system. This vulnerability has been actively exploited in the wild.