CVE-2025-33053

ENISA EUVD: EUVD-2025-17721 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 3 articles Published: 2025-06-10

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

47.02%

probability

This CVE has a 47.02% probability of being exploited in the next 30 days.

0% Top 97.7th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Temporal

Exploit Code Maturity

Functional

Remediation Level

Official Fix

Report Confidence

Confirmed

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Description

NVD

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

Affected Products

Microsoft

Windows 10 Version 1507

10.0.10240.0

Microsoft

Windows 10 Version 1607

10.0.14393.0

Microsoft

Windows 10 Version 1809

10.0.17763.0

Microsoft

Windows 10 Version 21H2

10.0.19044.0

Microsoft

Windows 10 Version 22H2

10.0.19045.0

microsoft

windows 10 1507

microsoft

windows 10 1607

microsoft

windows 10 1809

microsoft

windows 10 21h2

microsoft

windows 10 22h2

Microsoft

Windows 10 Version 22H2

10.0.19045.0 <10.0.19045.5965

Microsoft

Windows 10 Version 1607

10.0.14393.0 <10.0.14393.8148

Microsoft

Windows Server 2016

10.0.14393.0 <10.0.14393.8148

Microsoft

Windows 11 Version 24H2

10.0.26100.0 <10.0.26100.4349

Microsoft

Windows 11 version 22H2

10.0.22621.0 <10.0.22621.5472

Microsoft

Windows Server 2025 (Server Core installation)

10.0.26100.0 <10.0.26100.4349

Microsoft

Windows Server 2022, 23H2 Edition (Server Core installation)

10.0.25398.0 <10.0.25398.1665

Microsoft

Windows 10 Version 1507

10.0.10240.0 <10.0.10240.21034

Microsoft

Windows Server 2019

10.0.17763.0 <10.0.17763.7434

Microsoft

Windows Server 2022

10.0.20348.0 <10.0.20348.3807

Microsoft

Windows Server 2008 Service Pack 2 (Server Core installation)

6.0.6003.0 <6.0.6003.23351

Microsoft

Windows Server 2008 Service Pack 2

6.0.6003.0 <6.0.6003.23351

Microsoft

Windows 11 Version 23H2

10.0.22631.0 <10.0.22631.5472

Microsoft

Windows Server 2008 R2 Service Pack 1

6.1.7601.0 <6.1.7601.27769

Microsoft

Windows Server 2012 R2

6.3.9600.0 <6.3.9600.22620

Microsoft

Windows Server 2012

6.2.9200.0 <6.2.9200.25522

Microsoft

Windows Server 2019 (Server Core installation)

10.0.17763.0 <10.0.17763.7434

Microsoft

Windows Server 2025

10.0.26100.0 <10.0.26100.4349

Microsoft

Windows Server 2012 R2 (Server Core installation)

6.3.9600.0 <6.3.9600.22620

Microsoft

Windows Server 2012 (Server Core installation)

6.2.9200.0 <6.2.9200.25522

Microsoft

Windows Server 2016 (Server Core installation)

10.0.14393.0 <10.0.14393.8148

Microsoft

Windows Server 2008 Service Pack 2

6.0.6003.0 <6.0.6003.23351

Microsoft

Windows Server 2008 R2 Service Pack 1 (Server Core installation)

6.1.7601.0 <6.1.7601.27769

Microsoft

Windows 10 Version 21H2

10.0.19044.0 <10.0.19044.5965

Microsoft

Windows 10 Version 1809

10.0.17763.0 <10.0.17763.7434

Microsoft

Windows 11 version 22H3

10.0.22631.0 <10.0.22631.5472

Attack Intelligence

CWE-610 · Externally Controlled Reference to a Resource in Another Sphere CWE-642 · External Control of Critical State Data CWE-664 · Improper Control of a Resource Through its Lifetime CWE-668 · Exposure of Resource to Wrong Sphere CWE-73 · External Control of File Name or Path

Google Project Zero

Patched

June 10, 2025

Reported by

Alexandra Gofman and David Driker (Check Point Research)

Root Cause Analysis

???

Exploits & PoC

DevBuiHieu/CVE-2025-33053-Proof-Of-Concept

CVE-2025-33053 Proof Of Concept (PoC)

63 2025-06-17

kra1t0/CVE-2025-33053-WebDAV-RCE-PoC-and-C2-Concept

Proof-of-Concept for CVE-2025-33053 Exploiting WebDAV with .url file delivery to demonstrate realistic remote code execution. Includes a decoy PDF pa

3 2025-06-19

TheTorjanCaptain/CVE-2025-33053-Checker-PoC

CVE-2025-33053 Checker and PoC

1 2025-06-18

4n4s4zi/CVE-2025-33053_PoC

POC exploit for CVE-2025-33053 (external control of file execution path in URL file)

1 2025-08-23

Cyberw1ng/CVE-2025-33053-POC

POC for CVE-2025-33053 WebDav Exploit, demonstrating how the vulnerability can be triggered in a real environment. This repository focuses on hands-on

0 2025-12-18

5 repos — triés par ⭐ Rechercher sur GitHub ↗

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053

vendor-advisory patch

Signal Intelligence

Confidenceⓘ

82%

EPSS 47.02%

CVSS v3.1 8.8

Mentions 3

Last Seen Jun 11, 2025

CNA Information

CNA Assigner

microsoft

CNA Title

Internet Shortcut Files Remote Code Execution Vulnerability

Analyst Note

CVE-2025-33053 is confirmed with high severity (CVSS 8.8) affecting Windows 10, documented in Google Project Zero, and supported by evidence of active exploitation for malware delivery via WebDAV. The single article reference and absence from CISA KEV catalog slightly temper confidence, but the combination of authoritative disclosure and real-world attack evidence substantiates the confirmed status.