AI description
CVE-2025-33073 is an elevation of privilege vulnerability affecting the Windows Server Message Block (SMB) client. It stems from improper access control within Windows SMB, potentially allowing an authorized attacker to elevate privileges over a network. To exploit this vulnerability, an attacker could execute a specially crafted script. This script would coerce the victim machine to connect back to the attacker's system using SMB and authenticate, potentially resulting in the attacker gaining SYSTEM privileges.
- Description
- Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
- Source
- secure@microsoft.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-284
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
29
If you are dealing with investigation of potential exploitation of #CVE-2025-33073 . One of its key indicator is the DNS record manipulation. For e.g., If you observe a patterns like UWhRCAAAAAAAAAAAAAAA...AAAAAAAAAwbEAYBAAAA on your dns records, it's good sign of attack.
@_swachchhanda_
13 Jun 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️Actualizaciones de seguridad de junio de Microsoft ❗CVE-2025-33053 ❗CVE-2025-33073 ❗CVE-2025-32717 ❗CVE-2025-29828 ➡️Más info: https://t.co/GkinGPK48t https://t.co/YP7m2cOCO8
@CERTpy
12 Jun 2025
161 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windows SMBクライアントのゼロデイ脆弱性CVE-2025-33073 (Reflective Kerberos Relay Attack)の解説。AD上の低権限ユーザーが、SMB署名を強制しないWindowsシステム上でNT AUTHORITY¥SYSTEMを取得可能。 https://t.co/JIcYNPboXJ
@__kokumoto
12 Jun 2025
2389 Impressions
23 Retweets
47 Likes
14 Bookmarks
0 Replies
0 Quotes
CVE-2025-33073 : Windows SMB Client 0day Lets Attackers Gain SYSTEM Privileges https://t.co/DRhsUF43Er https://t.co/yyizJZar2i
@freedomhack101
12 Jun 2025
89 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
2025年6月、MicrosoftはCVE-2025-33073として知られる重大なゼロデイ脆弱性に対するパッチを公開した。これは「Reflective Kerberos Relay Attack」と呼ばれる新手法で、Kerberos認証を悪用してNT AUTHORITY\SYSTEM権限を取得できる
@yousukezan
12 Jun 2025
641 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
On stage at #x33fcon for the lightning talks! Web payloads management, EDR bypasses and insights into CVE-2025-33073🔥 https://t.co/KbLevj6o5Q
@Synacktiv
12 Jun 2025
2081 Impressions
2 Retweets
27 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2025-33073 : Windows SMB Client Elevation of Privilege Vulnerability 🧐Deep Dive : https://t.co/gD6gJ9N1Ke 📊2.7M+Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/Jw0rVNVNkD 👇Query HUNTER : https://t.co/q9rtuGgxk7=="SM
@HunterMapping
12 Jun 2025
7740 Impressions
58 Retweets
145 Likes
81 Bookmarks
0 Replies
0 Quotes
🛡️ #PatchTuesday: Microsoft’s June fixes 66 CVEs incl. exploited SMB zero-day CVE-2025-33073. Same day, UNFI hack leaves Whole Foods shelves bare. Endpoints and supply chains both targets—patch, validate backups & keep eyes on logs. #cybersecurity #infosec Who misse
@RichyrichMartin
11 Jun 2025
72 Impressions
1 Retweet
90 Likes
0 Bookmarks
0 Replies
0 Quotes
Yeni Kritik Açık: CVE-2025-33073 — Reflective Kerberos Relay Attack https://t.co/kvPPzAJenB https://t.co/8l5f47ekUU
@cozumpark
11 Jun 2025
269 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Patch Tuesday Microsoft : 66 vulnérabilités corrigées, dont 2 zéro-days CVE-2025-33053 (WebDAV) et CVE-2025-33073 (SMB). https://t.co/rjXRImWuLP
@cert_ist
11 Jun 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-33073 (CVSS 8.8): Windows SMB Client Elevation of Privilege Vulnerability which could allow an attacker to gain SYSTEM privileges on vulnerable devices. - CVE-2025-33053 has been added to CISA’s KEV Catalog indicating reliable reports of active exploitation.
@huseyin_y13238
11 Jun 2025
1 Impression
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-33073 : The Reflective Kerberos Relay Attack The Reflective Kerberos Relay Attack - Remote privilege escalation from low-priv user to SYSTEM with RCE by applying a long forgotten NTLM relay technique to Kerberos. https://t.co/DdTWWee6JV https://t.co/y0jZfMOyxm
@freedomhack101
11 Jun 2025
234 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Microsoft June 2025 Patch Tuesday fixes exploited zero-day Microsoft’s June 2025 Patch Tuesday addresses 66 vulnerabilities, including one actively exploited (CVE-2025-33053, a WEBDAV RCE flaw used by APT group Stealth Falcon) and one publicly disclosed zero-day (CVE-2025-3307
@dCypherIO
11 Jun 2025
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by @yaumn_ and @wil_fri3d. https://t.co/EY5Z53w1ZT
@Synacktiv
11 Jun 2025
29701 Impressions
134 Retweets
289 Likes
113 Bookmarks
3 Replies
6 Quotes
Microsoft Patches Critical SMB Vulnerability That Puts Windows Networks at Risk - CVE-2025-33073 Microsoft's June 2025 Patch Tuesday release has brought attention to a particularly concerning vulnerability that strikes at the heart of Windows networking infrastructure. https://t.
@CveTodo
11 Jun 2025
92 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-33073: A Look in the Mirror - The Reflective Kerberos Relay Attack https://t.co/BlgpGXweRS https://t.co/imwUmo3bB8
@secharvesterx
11 Jun 2025
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Our new blog post about Windows CVE-2025-33073 which we discovered is live: 🪞 The Reflective Kerberos Relay Attack - Remote privilege escalation from low-priv user to SYSTEM with RCE by applying a long forgotten NTLM relay technique to Kerberos: https://t.co/ab21IXtp9T
@RedTeamPT
11 Jun 2025
25337 Impressions
137 Retweets
327 Likes
194 Bookmarks
6 Replies
5 Quotes
Microsoft's June 2025 Patch Tuesday addresses 66 vulnerabilities, including one actively exploited zero-day (CVE-2025-33053) related to WebDAV remote code execution and another publicly disclosed zero-day (CVE-2025-33073) affecting Windows SMB that all... https://t.co/erRzckLS8J
@securityRSS
10 Jun 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MS June Patch Tuesday fixes ~70 flaws, incl. 2 potential zero-days (CVE-2025-33053 actively exploited; CVE-2025-33073 PoC available). Patch critical. https://t.co/W2Y3mzVwZs
@Jfreeg_
10 Jun 2025
56 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Microsoft's June 2025 Patch Tuesday patches 66 flaws, including an actively exploited zero-day (CVE-2025-33053) in WebDAV used by Stealth Falcon & a public zero-day (CVE-2025-33073) in SMB. Stay updated! 🛡️ #WebDAV #ZeroDay #UK https://t.co/TmgFcHw8lV
@TweetThreatNews
10 Jun 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔐 Microsoft Patch Tuesday - 2 Zero-Days: → SMB privilege escalation (CVE-2025-33073) → WebDAV RCE (CVE-2025-33053) – actively exploited! Network-based, low complexity. 📩 Full breakdown in Horizon Alert. https://t.co/hYWacG79Bi https://t.co/ph6irckQFf
@horizon_secured
10 Jun 2025
185 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨🚨 Just a heads-up: Microsoft will release a fix for a vulnerability we discovered as part of Patch Tuesday, today. MS classified CVE-2025-33073 as "important" and we recommend patching soon. Stay tuned for our blog post and paper about it tomorrow at 10:00 am CEST
@RedTeamPT
10 Jun 2025
6296 Impressions
11 Retweets
64 Likes
27 Bookmarks
1 Reply
0 Quotes
Новости из будущего. В июньском бюллетене будет 37 уязвимостей для Windows 11 23H2. CVE-2025-33053 (CWE-73 - External Control of File Name or Path) в WebDAV была обнаружена в "дикой природе", а CV
@varwar1337
7 Jun 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes