CVE-2025-33053

Published Jun 10, 2025

Last updated 21 hours ago

Exploit knownCVSS high 8.8
Windows WebDAV Client

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-33053 is a remote code execution vulnerability affecting the WebDAV client in Microsoft Windows. It stems from insufficient input validation in WebDAV file path handling, allowing an attacker to execute arbitrary code over a network. Successful exploitation requires a user to click on a specially crafted WebDAV URL, potentially leading to unauthorized access to sensitive system resources, compromise of system integrity and confidentiality, or even full control of the affected system. This vulnerability has been actively exploited in the wild.

Description
External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.
Source
secure@microsoft.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability
Exploit added on
Jun 10, 2025
Exploit action due
Jul 1, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-73

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

26

  1. URGENT: Critical Windows Vulnerability (CVE-2025-33053) Exposes Users to Hackers

    @CyberDynSteve

    13 Jun 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 URGENT: Critical Windows Vulnerability (CVE-2025-33053) Exposes Users to Hackers 🚨 A severe security flaw in Windows' WebDAV technology allows attackers to take control of computers with just one click on a malicious link. https://t.co/pP96Rphaic

    @pcpitstopaus

    13 Jun 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-33053 Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability https://t.co/0fH0RO7ELp

    @ScyScan

    12 Jun 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Stealth Falcon exploits Zero-Day Vulnerability CVE-2025-33053 https://t.co/D8G0cHJlIw https://t.co/MuQ5nXtcRJ

    @scandaletti

    12 Jun 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Microsoft Fixes Zero-Day Exploited for Cyber Espionage (CVE-2025-33053) In the most recent June 2025 Patch Tuesday, software giant Microsoft has disc https://t.co/Ax30yZ8Cqh https://t.co/WVYYxWxw4O

    @AegisLens

    12 Jun 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053) https://t.co/LzMXW4AskG https://t.co/TUd1lGAO0E

    @TechMash365

    12 Jun 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-33053: External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network. https://t.co/iB4NSKFCKb https://t.co/ttcEiJiTna

    @cyber_advising

    12 Jun 2025

    1147 Impressions

    8 Retweets

    14 Likes

    10 Bookmarks

    1 Reply

    0 Quotes

  8. ⚠️Actualizaciones de seguridad de junio de Microsoft ❗CVE-2025-33053 ❗CVE-2025-33073 ❗CVE-2025-32717 ❗CVE-2025-29828 ➡️Más info: https://t.co/GkinGPK48t https://t.co/YP7m2cOCO8

    @CERTpy

    12 Jun 2025

    161 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage https://t.co/mzYDULuVPn #CyberSecurity #Espionage

    @xcybersecnews

    12 Jun 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Hackers exploited Windows WebDav zero-day to drop malware APT group Stealth Falcon exploited a Windows WebDAV RCE zero-day (CVE-2025-33053) in targeted espionage attacks since March 2025, focusing on defense and government entities in Turkey, Qatar, Egypt, and Yemen. The flaw ht

    @dCypherIO

    12 Jun 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🔴 #Microsoft #Windows, WebDAV Path Traversal, #CVE-2025-33053 (Critical) https://t.co/c3hNVbRKfr

    @dailycve

    12 Jun 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Detect CVE-2025-33053 exploitation–zero-day RCE vulnerability in WebDAV used in Stealth Falcon APT attacks– with a set of Sigma rules in the SOC Prime Platform. https://t.co/p2jJBQZmEO

    @SOC_Prime

    12 Jun 2025

    143 Impressions

    1 Retweet

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  13. 🦅 Stealth Falcon’s CVE-2025-33053 = Father’s Day chaos 🔥 Patch fast 👉 https://t.co/1TVADQohRx #AlphaHunt #AskYourTIP #ZeroDay #StealthFalcon #OilRig https://t.co/TGgDTKi5wg

    @alphahunt_io

    12 Jun 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. GitHub - DevBuiHieu/CVE-2025-33053-Proof-Of-Concept - https://t.co/w6u7iESmiR

    @piedpiper1616

    12 Jun 2025

    1231 Impressions

    10 Retweets

    19 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  15. Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053) https://t.co/dfct8cIWIo https://t.co/V1z94w5XnU

    @secured_cyber

    12 Jun 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🗞️ Stealth Falcon hackers exploited a Windows WebDAV zero-day (CVE-2025-33053) to deploy Horus malware in espionage attacks targeting defense and government entities in the Middle East and Africa. The flaw was patched in June 2025's Patch Tuesday. Update now! Key takeaways:

    @gossy_84

    12 Jun 2025

    88 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. #DFIR #Malware_analysis 1. Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware https://t.co/aqWTgSmOu1 2. Stealth Falcon's Exploit of Microsoft Zero Day Vulnerability (CVE-2025-33053) https://t.co/ag66y11dIz

    @akaclandestine

    12 Jun 2025

    669 Impressions

    0 Retweets

    5 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  18. ハッカーがWindows WebDavのゼロデイ脆弱性を悪用しマルウェアを配布(CVE-2025-33053) https://t.co/w87nczjYym #Security #セキュリティ #ニュース

    @SecureShield_

    12 Jun 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Microsoft patches zero-day (CVE-2025-33053) exploited by Stealth Falcon for cyber-espionage via disguised .url file. June 2025 Patch Tuesday: 66 vulnerabilities fixed. Update your systems! https://t.co/z256DHtDzG #Cybersecurity #PatchTuesday

    @_F2po_

    12 Jun 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨 Threat Campaign: Stealth Falcon Exploits Windows WebDAV Zero-Day (CVE-2025-33053) to Deploy Horus Agent Targeting Middle Eastern Defense and Government Sectors🚨 Summary: Stealth Falcon (aka FruityArmor) exploited a Windows WebDAV zero-day (CVE-2025-33053) via weaponized

    @CyberxtronTech

    12 Jun 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    12 Jun 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  22. Microsoft 月例 パッチ公開 ゼロデイ脆弱性 CVE-2025-33053 に注意喚起、修正件数は66件に #セキュリティ対策Lab #セキュリティ #Security https://t.co/WUzvXKq4r7

    @securityLab_jp

    12 Jun 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Rest easy, it’s fixed. Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053). https://t.co/z9QIknOn3P #CyberSecurity #cyberespionage

    @Robert4787

    11 Jun 2025

    255 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  24. 'Stealth Falcon' exploited Windows WebDav RCE vulnerability CVE-2025-33053 in zero-day attacks against Turkey, Qatar, Egypt, and Yemen's defense and government organizations, manipulating working directories to execute remote code without local malicious files. #Security https://

    @Strivehawk

    11 Jun 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Microsoft’s June 2025 Patch Tuesday fixes 68 vulnerabilities, including a zero-day (CVE-2025-33053) exploited by Stealth Falcon via WebDAV. Nine high-risk flaws also addressed across Windows & Office. Stay protected! 🛡️ #CyberUpdate #Microsoft https://t.co/nWpFzUZKvb

    @TweetThreatNews

    11 Jun 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Stealth Falcon exploited a zero-day Windows WebDav RCE (CVE-2025-33053) to target Middle Eastern defense and government agencies. Malicious .url files enabled remote code execution, deploying Horus Loader & Horus Agent. 🔍 #CyberEspionage #MiddleEast https://t.co/tfRMYTgBD7

    @TweetThreatNews

    11 Jun 2025

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. #KDaily@kaspersky CVE-2025-33053: хороший повод обновить Windows Привет от Internet Explorer: уязвимость в расширении протокола HTTP позволяет злоумышленникам запустить вредоносны

    @kmscom6

    11 Jun 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. #KDaily@kaspersky CVE-2025-33053: хороший повод обновить Windows Привет от Internet Explorer: уязвимость в расширении протокола HTTP позволяет злоумышленникам запустить вредоносны

    @kmscom3

    11 Jun 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. ☠️CVE-2025-33053 Zero-Day Detection Updated detection for CVE-2025-33053 where it will detect across your fleet of MDE devices irregardless of the .url file point of entry into your enterprise environment.🫡 https://t.co/jONcfy9Wjc https://t.co/2g8KmOK46k https://t.co/Tc2

    @0x534c

    11 Jun 2025

    6773 Impressions

    17 Retweets

    117 Likes

    110 Bookmarks

    1 Reply

    0 Quotes

  30. #DFIR #Malware_analysis 1. Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware https://t.co/0Khg25WUUb 2. Stealth Falcon's Exploit of Microsoft Zero Day Vulnerability (CVE-2025-33053) https://t.co/owTRWsgkU2

    @ksg93rd

    11 Jun 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🔴 Microsoft fixes a critical WebDAV RCE bug (CVE-2025-33053) exploited by Stealth Falcon. Attackers used legit tools + phishing to infect defense targets. Patch ASAP. #ZeroDay #Microsoft #Darkweb #Deepweb Breaking news from the world & Darkweb: https://t.co/ZF7G3lwjoe htt

    @godeepweb

    11 Jun 2025

    67 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  32. Patch Tuesday Microsoft : 66 vulnérabilités corrigées, dont 2 zéro-days CVE-2025-33053 (WebDAV) et CVE-2025-33073 (SMB). https://t.co/rjXRImWuLP

    @cert_ist

    11 Jun 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. CVE-2025-33073 (CVSS 8.8): Windows SMB Client Elevation of Privilege Vulnerability which could allow an attacker to gain SYSTEM privileges on vulnerable devices. - CVE-2025-33053 has been added to CISA’s KEV Catalog indicating reliable reports of active exploitation.

    @huseyin_y13238

    11 Jun 2025

    1 Impression

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  34. Microsoft's June 2025 Patch Tuesday tackled 66 vulnerabilities, including a critical zero-day exploit, CVE-2025-33053, actively used by the Stealth Falcon espionage group. This WebDAV flaw enabled remote code execution, targeting a defense company in Turkey. Up to 80% of https://

    @tony3266

    11 Jun 2025

    115 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053) https://t.co/SmyEmFiLDL https://t.co/wSrkTmXCKZ

    @ggrubamn

    11 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Быстро обновляемся: вторничным патчем компания Microsoft закрыла неприятный «сюрприз» (наследие Internet Explorer): уязвимость в расширении протокола HTTP позволяет

    @Kaspersky_ru

    11 Jun 2025

    177 Impressions

    3 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  37. CVE-2025-33053 : Stealth Falcon and Horus - A Saga of Middle Eastern Cyber Espionage https://t.co/DYQo1wTG5H https://t.co/LUihCdTjDe

    @freedomhack101

    11 Jun 2025

    24 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Microsoft June 2025 Patch Tuesday fixes exploited zero-day Microsoft’s June 2025 Patch Tuesday addresses 66 vulnerabilities, including one actively exploited (CVE-2025-33053, a WEBDAV RCE flaw used by APT group Stealth Falcon) and one publicly disclosed zero-day (CVE-2025-3307

    @dCypherIO

    11 Jun 2025

    101 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) https://t.co/Nyrv2lfx5t #HelpNetSecurity #Cybersecurity https://t.co/dEPbq6u1T8

    @PoseidonTPA

    11 Jun 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053) https://t.co/HqBYKBvdq0 https://t.co/ZM81ZqgJuj

    @Trej0Jass

    11 Jun 2025

    47 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Check Point Research discovered a new campaign conducted by the APT group Stealth Falcon. The attack used a .url file that exploited a zero-day vulnerability (CVE-2025-33053) to execute malware from an actor-controlled WebDAV server. https://t.co/VpVDtm35N0 https://t.co/NUxp279EV

    @virusbtn

    11 Jun 2025

    2960 Impressions

    15 Retweets

    52 Likes

    22 Bookmarks

    0 Replies

    0 Quotes

  42. 🔴 Microsoft just patched 67 vulnerabilities—including a zero-day WEBDAV flaw actively exploited by the Stealth Falcon group to deploy stealthy malware via phishing URLs. This bug CVE-2025-33053 lets attackers run code remotely with ease. Details here → https://t.co/WlV7A

    @TheHackersNews

    11 Jun 2025

    40911 Impressions

    55 Retweets

    159 Likes

    25 Bookmarks

    5 Replies

    4 Quotes

  43. 🚨 #CVE-2025-33053 Zero-Day Vulnerability: Exploiting url Attachments via WebDAV https://t.co/aKIo3CNpkU Educational Purposes!

    @UndercodeUpdate

    11 Jun 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. #StealthFalcon used a .url file that exploited a zero-day vulnerability (xxx..pdf.url CVE-2025-33053) to execute malware from an actor-controlled WebDAV server. P2:Sophos Lover https://t.co/qaRDvW8kmi https://t.co/edeY33XaCf

    @blackorbird

    11 Jun 2025

    5357 Impressions

    19 Retweets

    61 Likes

    40 Bookmarks

    1 Reply

    0 Quotes

  45. #threatreport #HighCompleteness CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage | 10-06-2025 Source: https://t.co/Pk5g3a6TQk Key details below ↓ 🧑‍💻Actors/Campaigns: Stealth_falcon (🧠motivation: cyber_espionage) 💀Threats: Horus

    @rst_cloud

    11 Jun 2025

    105 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. 昨天微软刚发的CVE-2025-33053漏洞补丁,今天就有样本了 —— 通过WebDAV特性来替换本地ospath,调用命令的时候优先执行WebDAV目录里的exe,这玩意看着就好用,必然是水坑利器。 对Windows用户来说,如果有人发个很小

    @L14ngW3i

    11 Jun 2025

    299 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    1 Reply

    0 Quotes

  47. 🔨マイクロソフト、2025年6月の月例パッチで悪用確認のゼロデイ含む脆弱性66件に対処(CVE-2025-33053ほか) 〜サイバーアラート 6月11日〜 https://t.co/qVJBb30hZ2 #セキュリティ #インテリジェンス #OSINT

    @MachinaRecord

    11 Jun 2025

    67 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Actively exploited CVE : CVE-2025-33053

    @transilienceai

    11 Jun 2025

    39 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  49. Stealth Falcon exploits CVE-2025-33053 via malicious .url files to deliver Horus Agent, targeting Middle Eastern & African govs using spear-phishing & WebDAV. A sophisticated cyber-espionage campaign. 🚨 #MiddleEast #Horus #APT https://t.co/TjA3kUb9y0

    @TweetThreatNews

    11 Jun 2025

    27 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  50. ステルスファルコンAPTが中東でMicrosoftのゼロデイRCE脆弱性を悪用CVE-2025-33053 https://t.co/7qcNGh0YoG #Security #セキュリティ #ニュース

    @SecureShield_

    11 Jun 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.