CVE-2025-33073 is a critical vulnerability identified in Microsoft Windows Server Message Block (SMB) protocol implementations. The flaw stems from improper access control, potentially allowing an attacker to elevate privileges over the network to SYSTEM. The vulnerability has been assigned a CVSS v3.1 base score of 8.8, indicating high severity. An update addressing this issue was included in Microsoft's June Patch Tuesday release.


Technical Details

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over the network. The vulnerability is exploited by executing a specially crafted malicious script that tricks the targeted machine into connecting back to the attacker's system over SMB and authenticating. Once that authentication completes, the remote attacker can execute arbitrary commands as SYSTEM on any machine that does not enforce SMB signing.


Impact Assessment

An attacker exploiting this vulnerability could gain elevated privileges (“authenticated remote command execution”) via the SMB protocol, potentially allowing them to access sensitive data, modify system configurations and impair the functionality of the device. Given the severity of this vulnerability, administrators are recommended to apply the available patches promptly.

Mitigation Recommendations

  • Apply Security Patches: Immediately deploy the latest security updates provided by Microsoft to address this vulnerability.
  • Review SMB Configurations: Ensure that SMB configurations adhere to best practices, minimizing unnecessary exposure and access. While a patch is now available, the vulnerability can reportedly also be mitigated by enforcing server-side SMB signing via Group Policy.
  • Monitor Network Activity: Implement network monitoring to detect unusual SMB traffic patterns that may indicate exploitation attempts.
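As an added example (not part of this bulletin), the following PowerShell audits the server-side SMB signing setting that the mitigation above refers to and, when run with -Enforce, applies it locally; it assumes an elevated session on a Windows host with the SmbShare module available.

```powershell
# Added example: audit (and optionally enforce) server-side SMB signing.
# Assumes an elevated PowerShell session on Windows 8 / Server 2012 or later.
[CmdletBinding()]
param([switch]$Enforce)

# Registry values written by the Group Policy settings
# "Microsoft network server/client: Digitally sign communications (always)";
# 1 means signing is required.
$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$clientKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'

function Get-SmbSigningState {
    $srv = Get-SmbServerConfiguration
    $cli = Get-SmbClientConfiguration
    [pscustomobject]@{
        ServerRequiresSigning = $srv.RequireSecuritySignature
        ServerEnablesSigning  = $srv.EnableSecuritySignature
        ClientRequiresSigning = $cli.RequireSecuritySignature
        ServerRegistryValue   = (Get-ItemProperty -Path $serverKey -Name RequireSecuritySignature -ErrorAction SilentlyContinue).RequireSecuritySignature
        ClientRegistryValue   = (Get-ItemProperty -Path $clientKey -Name RequireSecuritySignature -ErrorAction SilentlyContinue).RequireSecuritySignature
    }
}

$before = Get-SmbSigningState
Write-Host 'Current SMB signing state:'
$before | Format-List

if (-not $before.ServerRequiresSigning) {
    Write-Warning 'The SMB server does not require signing; this host matches the unpatched, unsigned condition described in the bulletin.'
    if ($Enforce) {
        # Same effect as enabling the "(always)" policy locally. A domain GPO will
        # overwrite this value on refresh, so set the policy centrally for managed hosts.
        Set-SmbServerConfiguration -RequireSecuritySignature $true -EnableSecuritySignature $true -Force
        Write-Host 'Server-side SMB signing is now required.'
        Get-SmbSigningState | Format-List
    }
}

# Sessions currently established to this host that are not signed (the Signed property is
# present on Windows 8.1 / Server 2012 R2 and later). These are the connections that a
# signing requirement would reject, so review them before enforcing in production.
Get-SmbSession -ErrorAction SilentlyContinue |
    Where-Object { $_.Signed -eq $false } |
    Select-Object ClientComputerName, ClientUserName, Dialect, Signed, Encrypted
```

Run it once without -Enforce to see which existing clients are connecting unsigned, then enable the Group Policy setting (or re-run with -Enforce on a test host) before rolling out broadly.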


Conclusion

CVE-2025-33073 represents a significant security risk within Windows SMB implementations. Organizations are strongly advised to prioritize the application of security updates from the June Patch Tuesday and to review their SMB configurations to mitigate potential exploitation.
