Improper Access Control in Windows SMB Affects Microsoft Products
CVE-2025-33073

8.8HIGH

Key Information:

Vendor

Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
10 June 2025

Badges

🥇 Trended No. 1📈 Trended📈 Score: 26,900👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2025-33073?

CVE-2025-33073 is a significant vulnerability associated with the Windows Server Message Block (SMB) protocol utilized by various Microsoft products. This vulnerability stems from improper access control mechanisms within the SMB framework, enabling authorized attackers to elevate their privileges over a network. In environments where SMB is commonly deployed, such as enterprise networks and systems that rely on file sharing and communication between devices, this vulnerability can pose substantial risks. If exploited, it could allow an attacker to gain unauthorized access to sensitive data, disrupt operations, or leverage compromised systems for further attacks, undermining the integrity and security of organizational networks.

Potential impact of CVE-2025-33073

  1. Unauthorized Access and Data Breaches: Successful exploitation of the vulnerability could allow attackers to gain access to sensitive files and confidential information stored on affected systems, potentially leading to data theft and breaches of regulatory compliance.

  2. Privilege Escalation and Network Compromise: The ability to elevate privileges means that an attacker could assume higher access rights than intended, allowing them to navigate and manipulate network resources, which can lead to widespread system compromise.

  3. Operational Disruption: Organizations relying on SMB for day-to-day operations could experience interruptions in service availability and functionality, resulting in financial losses and damage to reputations as services are rendered unavailable due to the exploitation of this vulnerability.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21034

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8148

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7434

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-33073
Created by mverschu

CVE-2025-33073
Created by joaozixx

News Articles

favicon imageForbes

Update Windows Now — Microsoft Confirms System Takeover Danger

Microsoft has issued a warning that Windows hackers could gain system privileges using this authentication relay attack — an update is available; apply now.

favicon imageForbes

Update Windows Now — Microsoft Confirms System Takeover Danger

Microsoft has issued a warning that Windows hackers could gain system privileges using this authentication relay attack — an update is available; apply now.

favicon imageKrebs on Security

Patch Tuesday, June 2025 Edition

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive…

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • 📈

    Vulnerability started trending

  • 📰

    First article discovered by BornCity

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-33073 : Improper Access Control in Windows SMB Affects Microsoft Products