Improper Access Control in Windows SMB Affects Microsoft Products
CVE-2025-33073

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 10 June 2025

Badges

🥇 Trended No. 1📈 Trended📈 Score: 26,900💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 35%🦅 CISA Reported📰 News Worthy

What is CVE-2025-33073?

CVE-2025-33073 is a significant vulnerability associated with the Windows Server Message Block (SMB) protocol utilized by various Microsoft products. This vulnerability stems from improper access control mechanisms within the SMB framework, enabling authorized attackers to elevate their privileges over a network. In environments where SMB is commonly deployed, such as enterprise networks and systems that rely on file sharing and communication between devices, this vulnerability can pose substantial risks. If exploited, it could allow an attacker to gain unauthorized access to sensitive data, disrupt operations, or leverage compromised systems for further attacks, undermining the integrity and security of organizational networks.

Potential impact of CVE-2025-33073

Unauthorized Access and Data Breaches: Successful exploitation of the vulnerability could allow attackers to gain access to sensitive files and confidential information stored on affected systems, potentially leading to data theft and breaches of regulatory compliance.
Privilege Escalation and Network Compromise: The ability to elevate privileges means that an attacker could assume higher access rights than intended, allowing them to navigate and manipulate network resources, which can lead to widespread system compromise.
Operational Disruption: Organizations relying on SMB for day-to-day operations could experience interruptions in service availability and functionality, resulting in financial losses and damage to reputations as services are rendered unavailable due to the exploitation of this vulnerability.

CISA has reported CVE-2025-33073

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-33073 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21034

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8148

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7434

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-33073
Created by mverschu

windows-smb-vulnerability-framework-cve-2025-33073
Created by SellMeFish

CVE-2025-33073
Created by joaozixx