Remote Code Execution Vulnerability in Microsoft WebDAV
CVE-2025-33053
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 10 June 2025
Badges
What is CVE-2025-33053?
CVE-2025-33053 is a remote code execution vulnerability identified in Microsoft WebDAV, a protocol that allows users to manage files on remote web servers. This vulnerability arises from the external manipulation of file names or paths, enabling unauthorized attackers to execute arbitrary code over a network. If exploited, this flaw could lead to significant malicious activities, allowing attackers to gain control over affected systems, exfiltrate sensitive information, or deploy further malware. Given the use of WebDAV in various enterprise environments, the impact on organizations could be substantial, leading to data breaches and diminished reputations.
Potential impact of CVE-2025-33053
-
Unauthorized System Access: Attackers exploiting this vulnerability can gain unauthorized access to systems, leading to the potential takeover of affected machines. This access could allow them to manipulate data, disrupt operations, or configure systems for further attacks.
-
Data Breach Risks: By executing code remotely, adversaries can potentially access sensitive organizational data. This could lead to the theft of confidential information, financial records, or personal data of employees and customers, resulting in serious compliance and legal repercussions.
-
Disturbance of Services: The exploitation of this vulnerability may disrupt regular business operations by causing system outages or service interruptions. In environments reliant on WebDAV, this disruption could severely impact productivity and service delivery to clients.
CISA has reported CVE-2025-33053
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-33053 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21034
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8148
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7434
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CISA (.gov)CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
CISA has added two new vulnerabilities to its KEV Catalog, based on evidence of active exploitation
3 days ago
KasperskyCVE-2025-33053CVE-2025-33053: RCE in WebDAV
Microsoft has fixed the CVE-2025-33053 vulnerability in Web Distributed Authoring and Versioning (WebDAV), which allowed attackers to remotely execute arbitrary code on a victim's computer.
3 days ago
Hackers exploited Windows WebDav zero-day to drop malware
An APT hacking group known as 'Stealth Falcon' exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen.
3 days ago
References
EPSS Score
27% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📈
Vulnerability started trending
- 💰
Used in Ransomware
- 👾
Exploit known to exist
- 🦅
CISA Reported
- 📰
First article discovered by Check Point Software
Vulnerability published
Vulnerability Reserved