CVE-2025-33073
Microsoft Windows SMB Client Improper Access Control Vulnerability - [Actively Exploited]
Description
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
INFO
Published Date :
June 10, 2025, 5:23 p.m.
Last Modified :
Oct. 27, 2025, 5:12 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-33073 ; https://nvd.nist.gov/vuln/detail/CVE-2025-33073
Affected Products
The following products are affected by CVE-2025-33073
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Install the latest Windows security updates.
- Review and enforce access control policies.
- Restrict network access to SMB services.
Public PoC/Exploit Available at Github
CVE-2025-33073 has a 27 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-33073.
| URL | Resource |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33073 | Vendor Advisory |
| https://www.vicarius.io/vsociety/posts/cve-2025-33073-detection-script-improper-access-control-in-windows-smb-affects-microsoft-products | Third Party Advisory |
| https://www.vicarius.io/vsociety/posts/cve-2025-33073-mitigation-script-improper-access-control-in-windows-smb-affects-microsoft-products | Mitigation Third Party Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-33073 | US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-33073 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-33073
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
🔧 Exploit CVE-2025-33073 with this universal tool for Windows Domain Controllers, enabling SYSTEM-level code execution through automated techniques.
cve-2025-33073 cybersecurity exploit incident-response malware network-security open-source patch risk-management software-security system-security threat-analysis vulnerability-report
Shell
AD Tools
Python Shell
CVE-2025-33073
Python
Universal exploitation tool for CVE-2025-33073 targeting Windows Domain Controllers with DNSAdmins privileges and WinRM enabled.
Shell
different tests and simulations
None
Proof-of-Concept
Python PowerShell Batchfile
list of cve from 2001 to 2024
Python
None
None
None
None
A tool for coercing and relaying Kerberos authentication over DCOM and RPC.
Python
None
Python HTML C++ C PowerShell C# Shell
None
Python
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-33073 vulnerability anywhere in the article.
-
The Cyber Express
Active Exploitation of Command Injection Flaw Confirmed in Array AG Gateways
The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has confirmed that a command injection vulnerability affecting Array Networks AG Series secure access gateways has been activ ... Read more
-
Daily CyberSecurity
Zombie Protocol: How NTLM Flaws Like CVE-2024-43451 Are Haunting 2025
A new report from Kaspersky Labs reveals that despite being over two decades old, the NTLM authentication protocol remains a critical security liability in 2025. Cybercriminals are actively exploiting ... Read more
-
The Hacker News
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there's a lot happening in the cyber world.Criminals are getting crea ... Read more
-
CybersecurityNews
Hackers Exploit NTLM Authentication Flaws to Target Windows Systems
More than two decades after its initial discovery, the NTLM authentication protocol continues to plague Windows systems worldwide. What started in 2001 as a theoretical vulnerability has evolved into ... Read more
-
Kaspersky
Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025
Just like the 2000s Flip phones grew popular, Windows XP debuted on personal computers, Apple introduced the iPod, peer-to-peer file sharing via torrents was taking off, and MSN Messenger dominated on ... Read more
-
The Cyber Express
Researchers Uncover Critical runC Bugs Allowing Full Container Escape
Security researchers have revealed three serious vulnerabilities in runC, the Open Container Initiative (OCI)-compliant runtime that powers platforms such as Docker and Kubernetes, which could allow a ... Read more
-
Daily CyberSecurity
Researcher Details Windows SMB Server Elevation of Privilege Vulnerability – CVE-2025-58726
Machine authentication allowing remote execution of commands with high privileges | Image: Andrea Pierini A newly disclosed Windows vulnerability, CVE-2025-58726, allows attackers with low privileges ... Read more
-
CybersecurityNews
New Attack Combines Ghost SPNs and Kerberos Reflection to Elevate Privileges on SMB Servers
A sophisticated privilege escalation vulnerability in Windows SMB servers, leveraging Ghost Service Principal Names (SPNs) and Kerberos authentication reflection to achieve remote SYSTEM-level access. ... Read more
-
Help Net Security
Week in review: Actively exploited Windows SMB flaw, trusted OAuth apps turned into cloud backdoors
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Most AI privacy research looks the wrong way Most research on LLM privacy has focused on the wrong pro ... Read more
-
The Cyber Express
Microsoft Issues Emergency Patch for Critical WSUS Remote Code Execution Flaw (CVE-2025-59287)
Microsoft has released an urgent out-of-band security update to address a severe remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287 ... Read more
-
The Cyber Express
RCE Vulnerability (CVE-2025-62518) Discovered in Popular Rust Library async-tar and Its Forks
A critical flaw has been identified in a Rust library that demands immediate attention from developers and IT decision-makers leveraging the Rust ecosystem. The vulnerability, tracked as CVE‑2025‑6251 ... Read more
-
The Cyber Express
Ransomware Attacks Escalate in APAC Targeting VPN Flaws, Microsoft 365 Logins, Python Scripts
The Asia-Pacific (APAC) region is seeing a rapid surge in number of cyberattacks aimed at its enterprises’, a new report suggests. According to Barracuda’s SOC Threat Radar report, threat actors are i ... Read more
-
Help Net Security
CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)
CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency ... Read more
-
The Register
Feds flag active exploitation of patched Windows SMB vuln
Uncle Sam's cyber wardens have warned that a high-severity flaw in Microsoft's Windows SMB client is now being actively exploited – months after it was patched. The bug, tracked as CVE-2025-33073, was ... Read more
-
The Hacker News
Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets
Oct 20, 2025Ravie LakshmananThreat Intelligence / Data Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabil ... Read more
-
BleepingComputer
CISA: High-severity Windows SMB flaw now exploited in attacks
CISA says threat actors are now actively exploiting a high-severity Windows SMB privilege escalation vulnerability that can let them gain SYSTEM privileges on unpatched systems. Tracked as CVE-2025-33 ... Read more
-
security.nl
Beveiligingslekken in Windows SMB-client en Kentico Xperience actief misbruikt
Kwetsbaarheden in de SMB-client van Windows en Kentico Xperience worden actief misbruikt bij aanvallen, zo waarschuwt het Amerikaanse cyberagentschap CISA. Microsoft kwam op 10 juni met beveiligingsup ... Read more
-
CrowdStrike.com
June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs
Microsoft has addressed 66 vulnerabilities in its June 2025 security update release. This month's patches include fixes for one actively exploited zero-day vulnerability and nine Critical vulnerabilit ... Read more
-
BleepingComputer
Microsoft fixes Surface Hub boot issues with emergency update
Microsoft has released an emergency update to fix a known issue causing startup failures for some Surface Hub v1 devices running Windows 10. As the company explained when it acknowledged this issue la ... Read more
-
BleepingComputer
Microsoft: KB5060533 update triggers boot errors on Surface Hub v1 devices
Microsoft is investigating a known issue that triggers Secure Boot errors and prevents Surface Hub v1 devices from starting up. These boot problems only impact Surface Hub v1 systems running Windows 1 ... Read more
The following table lists the changes that have been made to the
CVE-2025-33073 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Oct. 27, 2025
Action Type Old Value New Value Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-33073 Types: US Government Resource -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 21, 2025
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-33073 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 21, 2025
Action Type Old Value New Value Removed Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-33073 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 21, 2025
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-33073 -
Modified Analysis by [email protected]
Oct. 21, 2025
Action Type Old Value New Value Added Reference Type CVE: https://www.vicarius.io/vsociety/posts/cve-2025-33073-detection-script-improper-access-control-in-windows-smb-affects-microsoft-products Types: Third Party Advisory Added Reference Type CVE: https://www.vicarius.io/vsociety/posts/cve-2025-33073-mitigation-script-improper-access-control-in-windows-smb-affects-microsoft-products Types: Mitigation, Third Party Advisory -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Oct. 21, 2025
Action Type Old Value New Value Added Date Added 2025-10-20 Added Due Date 2025-11-10 Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Added Vulnerability Name Microsoft Windows SMB Client Improper Access Control Vulnerability -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Sep. 15, 2025
Action Type Old Value New Value Added Reference https://www.vicarius.io/vsociety/posts/cve-2025-33073-detection-script-improper-access-control-in-windows-smb-affects-microsoft-products Added Reference https://www.vicarius.io/vsociety/posts/cve-2025-33073-mitigation-script-improper-access-control-in-windows-smb-affects-microsoft-products -
Initial Analysis by [email protected]
Jul. 10, 2025
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:* *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.10240.21034 *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.10240.21034 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.8148 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.8148 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.7434 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.7434 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.5965 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.5965 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.5472 *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22631.5472 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.4270 *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.8148 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.7434 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.3745 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1665 *cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.4270 Added Reference Type Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33073 Types: Vendor Advisory -
New CVE Received by [email protected]
Jun. 10, 2025
Action Type Old Value New Value Added Description Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-284 Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33073