CVE-2025-33053

Published Jun 10, 2025

Last updated 5 months ago

Exploit knownCVSS high 8.8
Windows WebDAV Client

Overview

Description
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
Source
secure@microsoft.com
NVD status
Modified
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows External Control of File Name or Path Vulnerability
Exploit added on
Jun 10, 2025
Exploit action due
Jul 1, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-73

Social media

Hype score
Not currently trending

  1. CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage. https://t.co/byAsSkHOid

    @rob_OSINT

    20 Jan 2026

    91 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-33053-POC #exploit #scanner #web POC for CVE-2025-33053 WebDav Exploit, demonstrating how the vulnerability can be triggered in a real environment. This repository focuses on hands-on exploitation steps, reproducible test cases, a... https://t.co/m8GzRTU9cp

    @TheExploitLab

    22 Dec 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE of the Week: Electromagnetic mushroom! 🔋🍄 CVE-2025-33053 is a remote code execution vulnerability identified in Microsoft WebDAV. The flaw allows crafted .url files to manipulate working directories and trick legitimate Windows utilities into executing remote code with

    @vicariusltd

    20 Nov 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Top 5 Trending CVEs: 1 - CVE-2017-1001000 2 - CVE-2025-33073 3 - CVE-2025-26686 4 - CVE-2025-24893 5 - CVE-2025-33053 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    16 Nov 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Just watched John Hammond’s breakdown of CVE-2025-33053, where he demonstrated how a simple Windows shortcut (.lnk) could be weaponized for remote code execution. Inspired by his analysis, I revisited and rewrote my earlier detection logic—now it catches his proof-of-concept

    @0x534c

    13 Nov 2025

    29239 Impressions

    26 Retweets

    223 Likes

    141 Bookmarks

    4 Replies

    3 Quotes

  6. Previously there was a report of threat actors using .URL files pointed at a WebDAV server, which made for, air quotes, "remote code execution", and was tracked as CVE-2025-33053. Turns out, you can do the same thing with a regular Windows Shortcut. Video: https://t.co/zw5UzSDVEn

    @_JohnHammond

    13 Nov 2025

    32690 Impressions

    29 Retweets

    204 Likes

    72 Bookmarks

    9 Replies

    2 Quotes

  7. The following vulnerabilities have been added to our feed: - CVE-2025-33053: Microsoft Windows Internet Shortcut Files RCE - CVE-2025-25257: Fortinet FortiWeb RCE - CVE-2025-50154: Microsoft Windows File Explorer NTLM Leak https://t.co/av7UZS4l6H

    @crowdfense

    16 Oct 2025

    2191 Impressions

    3 Retweets

    23 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  8. 🔴 Cyber Security Alert 🚨 "Alert: Notorious APT group Stealth Falcon targeting high-profile Middle Eastern entities with URL file using LOLBin for malware execution. Learn more about CVE-2025-33053 and Horus cyber espionage saga. #CyberSecurity"

    @ScureInfosec

    5 Sept 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Stealth Falcon just slapped CVE-2025-33053 on your WebDAV like a “Kick Me” sign—meanwhile OilRig’s stacking supply-chain Jenga for ransomware speed-runs. Patch or pray. Read more / subscribe. → https://t.co/1TVADQohRx #AlphaHunt #CyberSecurity #ZeroDay

    @alphahunt_io

    6 Aug 2025

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Stealth Falcon just gift-wrapped CVE-2025-33053 for your weekend WebDAV drill; OilRig’s stacking supply-chain Jenga. Keep doomscrolling, or read the 3-min roast & patch before HR asks why the lights are out. Read more → https://t.co/1TVADQohRx #AlphaHunt #CyberSecurity

    @alphahunt_io

    28 Jul 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    9 Jul 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Microsoft's July 2025 Patch Tuesday fixes 137 vulnerabilities, including a critical WebDAV zero-day (CVE-2025-33053) under active attack. Critical RCE flaws in SharePoint, SMB Client, and Office need urgent patching. Full details: https://t.co/KfccdmfNre

    @RedTeamNewsBlog

    8 Jul 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053) https://t.co/E3BokSDPcr https://t.co/cus35yDxqK

    @Trej0Jass

    7 Jul 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Patch Tuesday de junho mandou 67 correções … o zero-day WebDAV RCE CVE-2025-33053 já tá rolando ataque em produção!

    @hashtagsec

    7 Jul 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. GitHub - DevBuiHieu/CVE-2025-33053-Proof-Of-Concept: CVE-2025-33053 Proof Of Concept (PoC) https://t.co/lOxrRaKyAO

    @akaclandestine

    6 Jul 2025

    1736 Impressions

    4 Retweets

    22 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  16. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    6 Jul 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    4 Jul 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage TLM.005_TELESKOPIK_MAST_HASAR_BILDIRIM_RAPORU.pdf.url -> Horus loader https://t.co/MGcF7cS2yG https://t.co/Kfrha7piAh

    @MBerkaySoylu

    2 Jul 2025

    693 Impressions

    2 Retweets

    6 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  19. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    2 Jul 2025

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  20. Microsoft WebDAV en fuego: CVE-2025-33053 (CVSS 8.8) te regala RCE zero-day sin tarjeta de visita. Stealth Falcon ya la explota. Parchéalo YA o prepara tu próximo informe con drama. 😉 #CVE2025 #WebDAV #BugBounty https://t.co/T5HTPXUv8W

    @gorkaelbochi

    30 Jun 2025

    14 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage https://t.co/NHjE3lJkFn https://t.co/6CAWwQTcOw

    @5mukx

    30 Jun 2025

    1774 Impressions

    7 Retweets

    42 Likes

    15 Bookmarks

    0 Replies

    0 Quotes

  22. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    29 Jun 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    29 Jun 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  24. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    28 Jun 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053) https://t.co/6Ycw6YvD3D https://t.co/ebBbDqTIfk

    @IT_Peurico

    23 Jun 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🔴 SECURITY UPDATE - 19/06/2025 Informational change on CVE-2025-33053 related to Internet Shortcut Files. No action required, but ensure systems are monitored for potential risks. Source: https://t.co/5Q7EpBehz0

    @kernyx64

    23 Jun 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 🚨 New zero-day alert: CVE-2025-33053 (WebDAV RCE in Windows) is actively exploited! Check out https://t.co/xslB4PNTRc for more details. 🖥️ Affected products & versions 🛡️ How to protect your systems 🛠️ Compensating controls & workarounds Stay secure

    @transilienceai

    23 Jun 2025

    47 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    23 Jun 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  29. Windows WebDAV ゼロデイ CVE-2025-33053 の悪用:APT グループ Stealth Falcon の高度な戦略 https://t.co/R1phQPrTR6 この Stealth Falcon による攻撃は、”.url” ファイルを悪用する WebDAV 経由でのマルウェア展開という、新たなゼロ

    @iototsecnews

    23 Jun 2025

    66 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    23 Jun 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. 🔴 SECURITY UPDATE - 19/06/2025 Important CVE-2025-33053 affects Internet Shortcut Files, potentially leading to remote code execution. Ensure all affected systems are updated. Source: https://t.co/5Q7EpBehz0

    @kernyx64

    22 Jun 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    22 Jun 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  33. 🔴 SECURITY UPDATE - 19/06/2025 Informational update for CVE-2025-33053: Internet Shortcut Files Remote Code Execution Vulnerability. Affected systems require attention. Source: https://t.co/5Q7EpBehz0

    @kernyx64

    21 Jun 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    21 Jun 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. ⚠️ Urgent: Microsoft patches 66 flaws! CVE-2025-33053 (WebDAV) is exploited—clicking malicious links can hack your PC. 1️⃣Update Windows NOW to stay safe! Also, 2️⃣Update Edge/Chrome for CVE-2025-4664, CVE-2025-5419 fixes. #PatchTuesday #Cybersecurity https://t.c

    @CyberWolfGuard

    21 Jun 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    21 Jun 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  37. 🔴 SECURITY UPDATE - 19/06/2025 Informational change for CVE-2025-33053 concerning Internet Shortcut Files. No immediate action required, but stay informed on potential risks. Source: https://t.co/5Q7EpBehz0

    @kernyx64

    20 Jun 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. قامت مايكروسوفت بإصلاح ثغرة CVE-2025-33053 في WebDAV، والتي تُصنّف بخطورة عالية (8.8) ويتم استغلالها فعليًا. تم إصدار التحديث لأنظمة ويندوز الحديثة والقديمة. 🔒 حدّ

    @KasperskyKSA

    20 Jun 2025

    211 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    19 Jun 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  40. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    18 Jun 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  41. 🚨 APT group Stealth Falcon is exploiting CVE-2025-33053 via a Windows WebDav RCE flaw. Targets include gov & defence sectors in the Middle East. At Asta, we protect your systems with 24/7 monitoring & advanced solutions. 🔗  https://t.co/aH9WSJOqn8 #CyberSecurity

    @astasolutions

    18 Jun 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    18 Jun 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  43. Stealth Falcon exploits Zero-Day Vulnerability CVE-2025-33053 https://t.co/lVfrIlNVXd https://t.co/FlxtRH8Adt

    @IdentityJason

    17 Jun 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Microsoft WEBDAV Remote Code Execution Vulnerability (CVE-2025-33053) #CVE202533053 #CyberSecurity #Microsoft #MicrosoftWindows https://t.co/tK2IeaTLMf https://t.co/KDaKn6MbCs

    @SystemTek_UK

    16 Jun 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Top 5 Trending CVEs: 1 - CVE-2025-33053 2 - CVE-2025-3052 3 - CVE-2025-49113 4 - CVE-2025-33073 5 - CVE-2025-25022 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    16 Jun 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. #WeeklyThreats: L’Italia nel mirino di NoName057(16) e dello #spyware #Graphite, scoperto PathWiper in #Ucraina, #APT emiratino sfrutta CVE-2025-33053 di Microsoft. L'ultima settimana nel nostro report #OSINT e #CTI 🔗 https://t.co/DamDU7uqVC @TelsyGruppoTIM #ThreatIntellig

    @TS_WAY_SRL

    16 Jun 2025

    66 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    15 Jun 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  48. Stealth Falcon exploits Zero-Day Vulnerability CVE-2025-33053 https://t.co/vxCI0nHXB1 https://t.co/6dcww4zNat

    @mayurk21

    15 Jun 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    15 Jun 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  50. Cybersecurity isn't just about firewalls and antivirus; it's about understanding the ever-evolving threats. Recently, CVE-2025-33053 has raised alarms in the Middle East. Stay alert-your defence should adapt faster than the attackers! #cybersecurity #infosec #CVE2025

    @labrat_io

    15 Jun 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.CVE-2026-26111
  2. Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.CVE-2026-25190
  3. Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.CVE-2026-25189
  4. Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.CVE-2026-25188
  5. Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.CVE-2026-25187

References

Sources include official advisories and independent security research.