1. Home
  2. Vulnerabilities
  3. CVE-2025-33053
Known Exploited Vulnerability
8.8
HIGH CVSS 3.1
CVE-2025-33053
Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability - [Actively Exploited]
Description

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

INFO

Published Date :

June 10, 2025, 5:22 p.m.

Last Modified :

Sept. 15, 2025, 7:15 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Web Distributed Authoring and Versioning (WebDAV) contains an external control of file name or path vulnerability. This vulnerability could allow an unauthorized attacker to execute code over a network. This vulnerability could affect various products that implement WebDAV, including but not limited to Microsoft Windows.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes :

This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33053 ; https://nvd.nist.gov/vuln/detail/CVE-2025-33053

Affected Products

The following products are affected by CVE-2025-33053 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Microsoft windows_server_2008
2 Microsoft windows_server_2012
3 Microsoft windows_server_2016
4 Microsoft windows_server_2019
5 Microsoft windows_10_1607
6 Microsoft windows_10_1809
7 Microsoft windows_10_21h2
8 Microsoft windows_10_22h2
9 Microsoft windows_server_2022
10 Microsoft windows_11_22h2
11 Microsoft windows_10_1507
12 Microsoft windows_11_23h2
13 Microsoft windows_server_2022_23h2
14 Microsoft windows_server_23h2
15 Microsoft windows_server_2012_r2
16 Microsoft windows_server_2008_r2
17 Microsoft windows_server_2008_sp2
18 Microsoft windows_11_24h2
19 Microsoft windows_server_2025
: Total Affected Vendor : 1 | Products : 19
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH [email protected]
Solution
Prevent code execution by validating file names and paths carefully.
  • Ensure file paths are properly validated.
  • Validate all external inputs to prevent manipulation.
Public PoC/Exploit Available at Github

CVE-2025-33053 has a 15 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-33053.

URL Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053 Vendor Advisory
https://research.checkpoint.com/2025/stealth-falcon-zero-day/ Technical Description
https://therecord.media/microsoft-cisa-zero-day-turkish-defense-org Press/Media Coverage
https://www.bleepingcomputer.com/news/security/stealth-falcon-hackers-exploited-windows-webdav-zero-day-to-drop-malware/ Press/Media Coverage
https://www.darkreading.com/vulnerabilities-threats/stealth-falcon-apt-exploits-microsoft-rce-zero-day-mideast Press/Media Coverage
https://www.theregister.com/2025/06/10/microsoft_patch_tuesday_june/ Press/Media Coverage
https://www.vicarius.io/vsociety/posts/cve-2025-33053-detection-script-remote-code-execution-vulnerability-in-microsoft-webdav
https://www.vicarius.io/vsociety/posts/cve-2025-33053-mitigation-script-remote-code-execution-vulnerability-in-microsoft-webdav
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-33053 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-33053 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
giriaryan694-a11y/exposed-win-zero-days

A research-focused archive of publicly disclosed Windows zero-day vulnerabilities. This project summarizes CVEs, disclosure timelines, vendor advisories, and defensive mitigations. ⚠️ No exploit code included — educational and defensive use only.

cve cybersecurity infosec security-research threat-intelligence vulnerabilities windows zero-day

HTML

Updated: 1 week, 5 days ago
0 stars 0 fork 0 watcher
Born at : Aug. 28, 2025, 1:31 a.m. This repo has been linked 13 different CVEs too.
Profile Photo
veath1/LNK-File-WEBDAV-Remote-Code-Execution-Vulnerability

Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability via LNK Files

PowerShell

Updated: 3 weeks, 1 day ago
0 stars 0 fork 0 watcher
Born at : Aug. 24, 2025, 4:35 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
4n4s4zi/CVE-2025-33053_PoC

POC exploit for CVE-2025-33053 (External control of file execution path in URL file)

Shell

Updated: 3 weeks, 1 day ago
1 stars 1 fork 1 watcher
Born at : Aug. 23, 2025, 1:37 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
joydada29/cybersecurity-watch-report

None

Updated: 1 month, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : July 31, 2025, 7:22 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
kodamap/epss_mcp

None

Python Dockerfile

Updated: 2 months ago
0 stars 0 fork 0 watcher
Born at : July 10, 2025, 2:48 p.m. This repo has been linked 7 different CVEs too.
Profile Photo
kra1t0/CVE-2025-33053-WebDAV-RCE-PoC-and-C2-Concept

Proof-of-Concept for CVE-2025-33053 Exploiting WebDAV with .url file delivery to demonstrate realistic remote code execution. Includes a decoy PDF payload and a video-only showcase of potential command-and-control capabilities.

Shell Python

Updated: 2 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : June 18, 2025, 7:39 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
TheTorjanCaptain/CVE-2025-33053-Checker-PoC

CVE-2025-33053 Checker and PoC

checker cve-2025-33053 kali-linux poc securityresearch windows

PowerShell Python

Updated: 2 months, 2 weeks ago
1 stars 0 fork 0 watcher
Born at : June 18, 2025, 10:08 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
detectrespondrepeat/CVE-2025-33053

WebDAV Path Handling Vulnerability 🔍

Updated: 3 months ago
0 stars 0 fork 0 watcher
Born at : June 14, 2025, 11:30 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
adam-fff/wtfdav

This script will check whether your Windows WebDAV client service is running, and if so, perform basic forensic analysis to determine why.

PowerShell

Updated: 3 months ago
0 stars 0 fork 0 watcher
Born at : June 13, 2025, 3:22 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
alegrason/CVE-2025-33053

CVE-2025-33053 — WebDAV Remote Code Execution via File Path Manipulation

Python

Updated: 3 months ago
0 stars 0 fork 0 watcher
Born at : June 12, 2025, 7:08 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
DevBuiHieu/CVE-2025-33053-Proof-Of-Concept

CVE-2025-33053 Proof Of Concept (PoC)

cve-2025 webdav poc proof-of-concept cve-2025-33053

Shell Python

Updated: 1 month, 3 weeks ago
55 stars 14 fork 14 watcher
Born at : June 12, 2025, 6:48 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
zulu74/SentinelIT_NextGEN-CYBERSECURITY-SOFTWARE

None

Python Inno Setup Go HTML

Updated: 3 months ago
2 stars 0 fork 0 watcher
Born at : June 2, 2025, 8:21 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
ums91/CISA_BOT

CISA Bot is a GitHub bot that automatically monitors the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. When new vulnerabilities are published in the KEV, the bot creates GitHub issues in this repository with detailed information about each vulnerability.

Python

Updated: 2 weeks, 3 days ago
2 stars 1 fork 1 watcher
Born at : Oct. 29, 2024, 10:19 a.m. This repo has been linked 206 different CVEs too.
Profile Photo
cowbe0x004/cowbe0x004

None

Updated: 2 days, 23 hours ago
0 stars 1 fork 1 watcher
Born at : July 31, 2020, 4:40 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
nomi-sec/PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 2 days, 1 hour ago
7263 stars 1201 fork 1201 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 805 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-33053 vulnerability anywhere in the article.

  • Daily CyberSecurity
Kaspersky Report: Vulnerabilities Are Exploding, and Attackers Are Adapting

Kaspersky Labs has published its Q2 2025 vulnerability analysis, revealing an alarming rise in both the number of vulnerabilities registered and their exploitation in the wild. The findings show that ... Read more

Published Date: Aug 29, 2025 (2 weeks, 3 days ago)
  • Kaspersky
Exploits and vulnerabilities in Q2 2025

Vulnerability registrations in Q2 2025 proved to be quite dynamic. Vulnerabilities that were published impact the security of nearly every computer subsystem: UEFI, drivers, operating systems, browser ... Read more

Published Date: Aug 27, 2025 (2 weeks, 5 days ago)
  • Help Net Security
July 2025 Patch Tuesday forecast: Take a break from the grind

There was a barrage of updates released the week of June 2025 Patch Tuesday. This included security updates from Adobe, Google, Microsoft, Mozilla, and others. But it has been ‘calm’ the past couple o ... Read more

Published Date: Jul 07, 2025 (2 months, 1 week ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jul 04, 2025 (2 months, 1 week ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jul 03, 2025 (2 months, 1 week ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jul 03, 2025 (2 months, 1 week ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jul 03, 2025 (2 months, 1 week ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jul 02, 2025 (2 months, 1 week ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jul 02, 2025 (2 months, 1 week ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jul 02, 2025 (2 months, 1 week ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jul 02, 2025 (2 months, 1 week ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jul 01, 2025 (2 months, 1 week ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jul 01, 2025 (2 months, 2 weeks ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jul 01, 2025 (2 months, 2 weeks ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jul 01, 2025 (2 months, 2 weeks ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jun 30, 2025 (2 months, 2 weeks ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jun 30, 2025 (2 months, 2 weeks ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jun 30, 2025 (2 months, 2 weeks ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jun 30, 2025 (2 months, 2 weeks ago)
  • CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs

Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more

Published Date: Jun 30, 2025 (2 months, 2 weeks ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-33053 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Sep. 15, 2025

    Action Type Old Value New Value
    Added Reference https://www.vicarius.io/vsociety/posts/cve-2025-33053-detection-script-remote-code-execution-vulnerability-in-microsoft-webdav
    Added Reference https://www.vicarius.io/vsociety/posts/cve-2025-33053-mitigation-script-remote-code-execution-vulnerability-in-microsoft-webdav
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jun. 21, 2025

    Action Type Old Value New Value
    Changed Vulnerability Name Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability Microsoft Windows External Control of File Name or Path Vulnerability
  • Modified Analysis by [email protected]

    Jun. 20, 2025

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Jun. 19, 2025

    Action Type Old Value New Value
    Changed Description External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network. External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
  • Modified Analysis by [email protected]

    Jun. 12, 2025

    Action Type Old Value New Value
    Added Reference Type CVE: https://research.checkpoint.com/2025/stealth-falcon-zero-day/ Types: Technical Description
    Added Reference Type CVE: https://therecord.media/microsoft-cisa-zero-day-turkish-defense-org Types: Press/Media Coverage
    Added Reference Type CVE: https://www.bleepingcomputer.com/news/security/stealth-falcon-hackers-exploited-windows-webdav-zero-day-to-drop-malware/ Types: Press/Media Coverage
    Added Reference Type CVE: https://www.darkreading.com/vulnerabilities-threats/stealth-falcon-apt-exploits-microsoft-rce-zero-day-mideast Types: Press/Media Coverage
    Added Reference Type CVE: https://www.theregister.com/2025/06/10/microsoft_patch_tuesday_june/ Types: Press/Media Coverage
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Jun. 12, 2025

    Action Type Old Value New Value
    Added Reference https://research.checkpoint.com/2025/stealth-falcon-zero-day/
    Added Reference https://therecord.media/microsoft-cisa-zero-day-turkish-defense-org
    Added Reference https://www.bleepingcomputer.com/news/security/stealth-falcon-hackers-exploited-windows-webdav-zero-day-to-drop-malware/
    Added Reference https://www.darkreading.com/vulnerabilities-threats/stealth-falcon-apt-exploits-microsoft-rce-zero-day-mideast
    Added Reference https://www.theregister.com/2025/06/10/microsoft_patch_tuesday_june/
  • Initial Analysis by [email protected]

    Jun. 11, 2025

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:* *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.10240.21034 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.7434 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.7434 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.19044.5965 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.19044.5965 *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.10240.21034 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.8148 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.8148 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.19044.5965 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.22621.5472 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.19045.5965 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.19045.5965 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.19045.5965 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.7434 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.3807 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.26100.4349 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.26100.4349 *cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.26100.4349 *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.8148 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.22621.5472 *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:* versions up to (excluding) 10.0.22631.5472 *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.22631.5472 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.25398.1665
    Added Reference Type Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053 Types: Vendor Advisory
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jun. 11, 2025

    Action Type Old Value New Value
    Added Date Added 2025-06-10
    Added Due Date 2025-07-01
    Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability
  • New CVE Received by [email protected]

    Jun. 10, 2025

    Action Type Old Value New Value
    Added Description External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Added CWE CWE-73
    Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 8.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact