CVE-2025-33073 is a critical vulnerability identified in Microsoft Windows Server Message Block (SMB) protocol implementations. This flaw stems from improper access control mechanisms, potentially allowing attackers to escalate privileges over a network to SYSTEM. The vulnerability has been assigned a CVSS v3.1 base score of 8.8, indicating a high-severity risk. An update to address this issue was in Microsoft June Patch Tuesday.
Technical Details
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. This vulnerability is exploited by executing a specially crafted malicious script to trick the targeted machine to connect back to the attack system using SMB and authenticate. Once authenticated, the remote attacker can then execute arbitrary commands as SYSTEM on any machine which does not enforce SMB signing.
Impact Assessment
An attacker exploiting this vulnerability could gain elevated privileges (“authenticated remote command execution”) within the SMB protocol, potentially leading to an attacker accessing sensitive data, modify system configurations and impact the functionality of the device. Due to the severity of this vulnerability, administrators are recommended to apply mitigating patches promptly.
Mitigation Recommendations
Conclusion
CVE-2025-33073 represents a significant security risk within Windows SMB implementations. Organizations are strongly advised to prioritize the application of security updates from the June Patch Tuesday and to review their SMB configurations to mitigate potential exploitation.
Reference:
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.