CISA says threat actors are now actively exploiting a high-severity Windows SMB privilege escalation vulnerability that can let them gain SYSTEM privileges on unpatched systems.
Tracked as CVE-2025-33073, this security flaw impacts all Windows Server and Windows 10 versions, as well as Windows 11 systems up to Windows 11 24H2.
Microsoft patched the vulnerability during the June 2025 Patch Tuesday, when it also revealed that it stems from an improper access control weakness that enables authorized attackers to elevate privileges over a network.
“The attacker could convince a victim to connect to an attacker controlled malicious application (for example, SMB) server. Upon connecting, the malicious server could compromise the protocol,” the company explained.
“To exploit this vulnerability, an attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate. This could result in elevation of privilege.”
At the time, a security advisory indicated that information about the bug was already publicly accessible before the security updates were released, however the company has yet to publicly acknowledge CISA’s claims that CVE-2025-33073 is under active exploitation.
Microsoft has attributed the discovery of this flaw to multiple security researchers, including CrowdStrike’s Keisuke Hirata, Synacktiv’s Wilfried Bécard, SySS GmbH’s Stefan Walter, Google Project Zero’s James Forshaw, and RedTeam Pentesting GmbH.
CISA has yet to share more information regarding ongoing CVE-2025-33073 attacks, but it has added the flaw to its Known Exploited Vulnerabilities Catalog, giving Federal Civilian Executive Branch (FCEB) agencies three weeks to secure their systems by November 10, as mandated by Binding Operational Directive (BOD) 22-01.
While BOD 22-01 only targets federal agencies, the U.S. cybersecurity agency encourages all organizations, including those in the private sector, to ensure that this actively exploited security bug is patched as soon as possible.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA cautioned on Monday.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
Source link
