Improper Access Control in Windows SMB Affects Microsoft Products
CVE-2025-33073
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 10 June 2025
Badges
What is CVE-2025-33073?
CVE-2025-33073 is a significant vulnerability associated with the Windows Server Message Block (SMB) protocol utilized by various Microsoft products. This vulnerability stems from improper access control mechanisms within the SMB framework, enabling authorized attackers to elevate their privileges over a network. In environments where SMB is commonly deployed, such as enterprise networks and systems that rely on file sharing and communication between devices, this vulnerability can pose substantial risks. If exploited, it could allow an attacker to gain unauthorized access to sensitive data, disrupt operations, or leverage compromised systems for further attacks, undermining the integrity and security of organizational networks.
Potential impact of CVE-2025-33073
-
Unauthorized Access and Data Breaches: Successful exploitation of the vulnerability could allow attackers to gain access to sensitive files and confidential information stored on affected systems, potentially leading to data theft and breaches of regulatory compliance.
-
Privilege Escalation and Network Compromise: The ability to elevate privileges means that an attacker could assume higher access rights than intended, allowing them to navigate and manipulate network resources, which can lead to widespread system compromise.
-
Operational Disruption: Organizations relying on SMB for day-to-day operations could experience interruptions in service availability and functionality, resulting in financial losses and damage to reputations as services are rendered unavailable due to the exploitation of this vulnerability.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21034
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8148
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7434
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Update Windows Now — Microsoft Confirms System Takeover Danger
Microsoft has issued a warning that Windows hackers could gain system privileges using this authentication relay attack — an update is available; apply now.
2 weeks ago
ForbesCVE-2025-33073Update Windows Now — Microsoft Confirms System Takeover Danger
Microsoft has issued a warning that Windows hackers could gain system privileges using this authentication relay attack — an update is available; apply now.
2 weeks ago
Patch Tuesday, June 2025 Edition
Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive…
3 weeks ago
References
CVSS V3.1
Timeline
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📈
Vulnerability started trending
- 📰
First article discovered by BornCity
Vulnerability published
Vulnerability Reserved