CVE-2025-33053

Published Jun 10, 2025

Last updated 2 days ago

Exploit knownCVSS high 8.8
Windows WebDAV Client

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-33053 is a remote code execution vulnerability affecting the WebDAV client in Microsoft Windows. It stems from insufficient input validation in WebDAV file path handling, allowing an attacker to execute arbitrary code over a network. Successful exploitation requires a user to click on a specially crafted WebDAV URL, potentially leading to unauthorized access to sensitive system resources, compromise of system integrity and confidentiality, or even full control of the affected system. This vulnerability has been actively exploited in the wild.

Description
External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.
Source
secure@microsoft.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability
Exploit added on
Jun 10, 2025
Exploit action due
Jul 1, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-73

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

25

  1. Stealth Falcon exploits Zero-Day Vulnerability CVE-2025-33053 https://t.co/emWelqJBra https://t.co/wMFvn1YmAc

    @CloudVirtues

    13 Jun 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-33053 is a wake-up call: cyber tools from targeted Middle Eastern espionage efforts are out there. Ensure your systems are up-to-date! 🔒 #cybersecurity #infosec #threats https://t.co/wL8IlDtlhb

    @labrat_io

    13 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 About CVE-2025-33053 - a crazy Windows execution flow vulnerability This flaw abuses how Windows resolves executable paths when trusted binaries spawn child processes without full paths. For example, a legitimate tool like iediagcmd.exe is launched from a .url file that

    @nextronresearch

    13 Jun 2025

    7277 Impressions

    47 Retweets

    119 Likes

    58 Bookmarks

    0 Replies

    2 Quotes

  4. 🚨 About CVE-2025-33053 - a crazy Windows execution flow vulnerability This flaw abuses how Windows resolves executable paths when trusted binaries spawn child processes without full paths. For example, a legitimate tool like iediagcmd.exe is launched from a .url file that

    @nextronresearch

    13 Jun 2025

    1 Impression

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    13 Jun 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. URGENT: Critical Windows Vulnerability (CVE-2025-33053) Exposes Users to Hackers

    @CyberDynSteve

    13 Jun 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Zero-Day. Nation-State Espionage. Check Point Research discovered that Stealth Falcon exploited a new Microsoft vulnerability (CVE-2025-33053) to target a defense org. Read the full report: https://t.co/MdMDDk0zah #CyberSecurity #ZeroDay #ThreatIntel https://t.co/MdMDDk0zah

    @MDST9999

    13 Jun 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Stealth Falcon exploits Zero-Day Vulnerability CVE-2025-33053 https://t.co/MoPUhxPEGZ https://t.co/d14ZPLZiwI

    @SirajD_Official

    13 Jun 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 URGENT: Critical Windows Vulnerability (CVE-2025-33053) Exposes Users to Hackers 🚨 A severe security flaw in Windows' WebDAV technology allows attackers to take control of computers with just one click on a malicious link. https://t.co/pP96Rphaic

    @pcpitstopaus

    13 Jun 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    12 Jun 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-33053 Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability https://t.co/0fH0RO7ELp

    @ScyScan

    12 Jun 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Stealth Falcon exploits Zero-Day Vulnerability CVE-2025-33053 https://t.co/D8G0cHJlIw https://t.co/MuQ5nXtcRJ

    @scandaletti

    12 Jun 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Microsoft Fixes Zero-Day Exploited for Cyber Espionage (CVE-2025-33053) In the most recent June 2025 Patch Tuesday, software giant Microsoft has disc https://t.co/Ax30yZ8Cqh https://t.co/WVYYxWxw4O

    @AegisLens

    12 Jun 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053) https://t.co/LzMXW4AskG https://t.co/TUd1lGAO0E

    @TechMash365

    12 Jun 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Microsoft just patched CVE-2025-33053 a high-severity (CVSS 8.8) WebDAV vulnerability. Despite not being marked "critical," it's actively exploited in the wild — and even legacy Windows systems received a fix. 🔒 Update now to stay protected: https://t.co/42QNx35msG https:

    @KasperskyKSA

    12 Jun 2025

    200 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2025-33053: External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network. https://t.co/iB4NSKFCKb https://t.co/ttcEiJiTna

    @cyber_advising

    12 Jun 2025

    1461 Impressions

    9 Retweets

    16 Likes

    10 Bookmarks

    1 Reply

    0 Quotes

  17. ⚠️Actualizaciones de seguridad de junio de Microsoft ❗CVE-2025-33053 ❗CVE-2025-33073 ❗CVE-2025-32717 ❗CVE-2025-29828 ➡️Más info: https://t.co/GkinGPK48t https://t.co/YP7m2cOCO8

    @CERTpy

    12 Jun 2025

    174 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage https://t.co/mzYDULuVPn #CyberSecurity #Espionage

    @xcybersecnews

    12 Jun 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Hackers exploited Windows WebDav zero-day to drop malware APT group Stealth Falcon exploited a Windows WebDAV RCE zero-day (CVE-2025-33053) in targeted espionage attacks since March 2025, focusing on defense and government entities in Turkey, Qatar, Egypt, and Yemen. The flaw ht

    @dCypherIO

    12 Jun 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🔴 #Microsoft #Windows, WebDAV Path Traversal, #CVE-2025-33053 (Critical) https://t.co/c3hNVbRKfr

    @dailycve

    12 Jun 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Detect CVE-2025-33053 exploitation–zero-day RCE vulnerability in WebDAV used in Stealth Falcon APT attacks– with a set of Sigma rules in the SOC Prime Platform. https://t.co/p2jJBQZmEO

    @SOC_Prime

    12 Jun 2025

    150 Impressions

    1 Retweet

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  22. 🦅 Stealth Falcon’s CVE-2025-33053 = Father’s Day chaos 🔥 Patch fast 👉 https://t.co/1TVADQohRx #AlphaHunt #AskYourTIP #ZeroDay #StealthFalcon #OilRig https://t.co/TGgDTKi5wg

    @alphahunt_io

    12 Jun 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. GitHub - DevBuiHieu/CVE-2025-33053-Proof-Of-Concept - https://t.co/w6u7iESmiR

    @piedpiper1616

    12 Jun 2025

    1245 Impressions

    10 Retweets

    20 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  24. Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053) https://t.co/dfct8cIWIo https://t.co/V1z94w5XnU

    @secured_cyber

    12 Jun 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🗞️ Stealth Falcon hackers exploited a Windows WebDAV zero-day (CVE-2025-33053) to deploy Horus malware in espionage attacks targeting defense and government entities in the Middle East and Africa. The flaw was patched in June 2025's Patch Tuesday. Update now! Key takeaways:

    @gossy_84

    12 Jun 2025

    88 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. #DFIR #Malware_analysis 1. Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware https://t.co/aqWTgSmOu1 2. Stealth Falcon's Exploit of Microsoft Zero Day Vulnerability (CVE-2025-33053) https://t.co/ag66y11dIz

    @akaclandestine

    12 Jun 2025

    669 Impressions

    0 Retweets

    5 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  27. ハッカーがWindows WebDavのゼロデイ脆弱性を悪用しマルウェアを配布(CVE-2025-33053) https://t.co/w87nczjYym #Security #セキュリティ #ニュース

    @SecureShield_

    12 Jun 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Microsoft patches zero-day (CVE-2025-33053) exploited by Stealth Falcon for cyber-espionage via disguised .url file. June 2025 Patch Tuesday: 66 vulnerabilities fixed. Update your systems! https://t.co/z256DHtDzG #Cybersecurity #PatchTuesday

    @_F2po_

    12 Jun 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🚨 Threat Campaign: Stealth Falcon Exploits Windows WebDAV Zero-Day (CVE-2025-33053) to Deploy Horus Agent Targeting Middle Eastern Defense and Government Sectors🚨 Summary: Stealth Falcon (aka FruityArmor) exploited a Windows WebDAV zero-day (CVE-2025-33053) via weaponized

    @CyberxtronTech

    12 Jun 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    12 Jun 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. Microsoft 月例 パッチ公開 ゼロデイ脆弱性 CVE-2025-33053 に注意喚起、修正件数は66件に #セキュリティ対策Lab #セキュリティ #Security https://t.co/WUzvXKq4r7

    @securityLab_jp

    12 Jun 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Rest easy, it’s fixed. Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053). https://t.co/z9QIknOn3P #CyberSecurity #cyberespionage

    @Robert4787

    11 Jun 2025

    255 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  33. 'Stealth Falcon' exploited Windows WebDav RCE vulnerability CVE-2025-33053 in zero-day attacks against Turkey, Qatar, Egypt, and Yemen's defense and government organizations, manipulating working directories to execute remote code without local malicious files. #Security https://

    @Strivehawk

    11 Jun 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Microsoft’s June 2025 Patch Tuesday fixes 68 vulnerabilities, including a zero-day (CVE-2025-33053) exploited by Stealth Falcon via WebDAV. Nine high-risk flaws also addressed across Windows & Office. Stay protected! 🛡️ #CyberUpdate #Microsoft https://t.co/nWpFzUZKvb

    @TweetThreatNews

    11 Jun 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Stealth Falcon exploited a zero-day Windows WebDav RCE (CVE-2025-33053) to target Middle Eastern defense and government agencies. Malicious .url files enabled remote code execution, deploying Horus Loader & Horus Agent. 🔍 #CyberEspionage #MiddleEast https://t.co/tfRMYTgBD7

    @TweetThreatNews

    11 Jun 2025

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. #KDaily@kaspersky CVE-2025-33053: хороший повод обновить Windows Привет от Internet Explorer: уязвимость в расширении протокола HTTP позволяет злоумышленникам запустить вредоносны

    @kmscom6

    11 Jun 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. #KDaily@kaspersky CVE-2025-33053: хороший повод обновить Windows Привет от Internet Explorer: уязвимость в расширении протокола HTTP позволяет злоумышленникам запустить вредоносны

    @kmscom3

    11 Jun 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. ☠️CVE-2025-33053 Zero-Day Detection Updated detection for CVE-2025-33053 where it will detect across your fleet of MDE devices irregardless of the .url file point of entry into your enterprise environment.🫡 https://t.co/jONcfy9Wjc https://t.co/2g8KmOK46k https://t.co/Tc2

    @0x534c

    11 Jun 2025

    6773 Impressions

    17 Retweets

    117 Likes

    110 Bookmarks

    1 Reply

    0 Quotes

  39. #DFIR #Malware_analysis 1. Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware https://t.co/0Khg25WUUb 2. Stealth Falcon's Exploit of Microsoft Zero Day Vulnerability (CVE-2025-33053) https://t.co/owTRWsgkU2

    @ksg93rd

    11 Jun 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 🔴 Microsoft fixes a critical WebDAV RCE bug (CVE-2025-33053) exploited by Stealth Falcon. Attackers used legit tools + phishing to infect defense targets. Patch ASAP. #ZeroDay #Microsoft #Darkweb #Deepweb Breaking news from the world & Darkweb: https://t.co/ZF7G3lwjoe htt

    @godeepweb

    11 Jun 2025

    67 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  41. Patch Tuesday Microsoft : 66 vulnérabilités corrigées, dont 2 zéro-days CVE-2025-33053 (WebDAV) et CVE-2025-33073 (SMB). https://t.co/rjXRImWuLP

    @cert_ist

    11 Jun 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. CVE-2025-33073 (CVSS 8.8): Windows SMB Client Elevation of Privilege Vulnerability which could allow an attacker to gain SYSTEM privileges on vulnerable devices. - CVE-2025-33053 has been added to CISA’s KEV Catalog indicating reliable reports of active exploitation.

    @huseyin_y13238

    11 Jun 2025

    1 Impression

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  43. Microsoft's June 2025 Patch Tuesday tackled 66 vulnerabilities, including a critical zero-day exploit, CVE-2025-33053, actively used by the Stealth Falcon espionage group. This WebDAV flaw enabled remote code execution, targeting a defense company in Turkey. Up to 80% of https://

    @tony3266

    11 Jun 2025

    115 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053) https://t.co/SmyEmFiLDL https://t.co/wSrkTmXCKZ

    @ggrubamn

    11 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Быстро обновляемся: вторничным патчем компания Microsoft закрыла неприятный «сюрприз» (наследие Internet Explorer): уязвимость в расширении протокола HTTP позволяет

    @Kaspersky_ru

    11 Jun 2025

    177 Impressions

    3 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  46. CVE-2025-33053 : Stealth Falcon and Horus - A Saga of Middle Eastern Cyber Espionage https://t.co/DYQo1wTG5H https://t.co/LUihCdTjDe

    @freedomhack101

    11 Jun 2025

    24 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Microsoft June 2025 Patch Tuesday fixes exploited zero-day Microsoft’s June 2025 Patch Tuesday addresses 66 vulnerabilities, including one actively exploited (CVE-2025-33053, a WEBDAV RCE flaw used by APT group Stealth Falcon) and one publicly disclosed zero-day (CVE-2025-3307

    @dCypherIO

    11 Jun 2025

    101 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) https://t.co/Nyrv2lfx5t #HelpNetSecurity #Cybersecurity https://t.co/dEPbq6u1T8

    @PoseidonTPA

    11 Jun 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053) https://t.co/HqBYKBvdq0 https://t.co/ZM81ZqgJuj

    @Trej0Jass

    11 Jun 2025

    47 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Check Point Research discovered a new campaign conducted by the APT group Stealth Falcon. The attack used a .url file that exploited a zero-day vulnerability (CVE-2025-33053) to execute malware from an actor-controlled WebDAV server. https://t.co/VpVDtm35N0 https://t.co/NUxp279EV

    @virusbtn

    11 Jun 2025

    2960 Impressions

    15 Retweets

    52 Likes

    22 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.