Remote Code Execution Vulnerability in Microsoft WebDAV
CVE-2025-33053

8.8 HIGH

Badges

  • 🔥 Trending now
  • 🥇 Trended No. 1
  • 📈 Trended
  • 📈 Score: 6,940
  • 💰 Ransomware
  • 👾 Exploit Exists
  • 🟡 Public PoC
  • 🟣 EPSS 27%
  • 🦅 CISA Reported
  • 📰 News Worthy

What is CVE-2025-33053?

CVE-2025-33053 is a remote code execution vulnerability identified in Microsoft WebDAV, a protocol that allows users to manage files on remote web servers. This vulnerability arises from the external manipulation of file names or paths, enabling unauthorized attackers to execute arbitrary code over a network. If exploited, this flaw could lead to significant malicious activities, allowing attackers to gain control over affected systems, exfiltrate sensitive information, or deploy further malware. Given the use of WebDAV in various enterprise environments, the impact on organizations could be substantial, leading to data breaches and diminished reputations.

Potential impact of CVE-2025-33053

  1. Unauthorized System Access: Attackers exploiting this vulnerability can gain unauthorized access to systems, leading to the potential takeover of affected machines. This access could allow them to manipulate data, disrupt operations, or configure systems for further attacks.

  2. Data Breach Risks: By executing code remotely, adversaries can potentially access sensitive organizational data. This could lead to the theft of confidential information, financial records, or personal data of employees and customers, resulting in serious compliance and legal repercussions.

  3. Disturbance of Services: The exploitation of this vulnerability may disrupt regular business operations by causing system outages or service interruptions. In environments reliant on WebDAV, this disruption could severely impact productivity and service delivery to clients.

CISA has reported CVE-2025-33053

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-33053 as being exploited, but CISA does not know it to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21034

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8148

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7434

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its KEV Catalog, based on evidence of active exploitation

3 days ago

CVE-2025-33053: RCE in WebDAV

Microsoft has fixed the CVE-2025-33053 vulnerability in Web Distributed Authoring and Versioning (WebDAV), which allowed attackers to remotely execute arbitrary code on a victim's computer.

3 days ago

Hackers exploited Windows WebDav zero-day to drop malware

An APT hacking group known as 'Stealth Falcon' exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen.

3 days ago

EPSS Score

27% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 🥇 Vulnerability reached the number 1 worldwide trending spot

  • 📈 Vulnerability started trending

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • 📰 First article discovered by Check Point Software

  • Vulnerability published

  • Vulnerability Reserved
