CISA Warns of Actively Exploited Windows SMB Vulnerability


The Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft Windows Server Message Block (SMB) vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in the wild.

The vulnerability, tracked as CVE-2025-33073, affects the Windows SMB Client and allows an attacker to elevate privileges on a targeted system.

Vulnerability Details and Attack Method

CVE-2025-33073 is an improper access control vulnerability in the Microsoft Windows SMB Client component. An attacker who triggers it through a crafted attack scenario obtains elevated privileges on the victim machine.

CVE ID           Vulnerability Type        Affected Product
CVE-2025-33073   Improper Access Control   Microsoft Windows SMB Client

According to CISA's advisory, an attacker exploits the flaw by running a specially crafted malicious script that coerces the victim's machine into connecting back to an attacker-controlled system over SMB and authenticating to it.

The vulnerability is classified under CWE-284 (Improper Access Control). Once exploited, it lets an unauthorized actor bypass the intended access restrictions and gain higher-level permissions on the targeted system.

Privilege escalation flaws of this kind are particularly concerning because, once an attacker has an initial foothold, they enable lateral movement across the network, access to sensitive data, and deployment of additional malicious payloads.

CISA added CVE-2025-33073 to its catalog on October 20, 2025, signaling that the vulnerability poses an immediate threat to federal networks and critical infrastructure.

Federal Civilian Executive Branch agencies must apply vendor-provided mitigations or discontinue use of affected products by November 10, 2025, giving them three weeks to remediate the flaw.

The directive follows CISA’s Binding Operational Directive 22-01, which requires federal agencies to patch known exploited vulnerabilities within specified timeframes.

While the directive specifically targets federal agencies, CISA strongly recommends that all organizations review the Known Exploited Vulnerabilities catalog and prioritize remediation of listed flaws as part of their vulnerability management programs.

Organizations running Windows systems should review Microsoft's security guidance for CVE-2025-33073 immediately and apply the available patches or mitigations.

CISA advises administrators to follow vendor instructions for remediation, implement applicable guidance from BOD 22-01 for cloud services, or discontinue product use if effective mitigations are unavailable.

Whether CVE-2025-33073 has been used in ransomware campaigns is currently unknown, though ransomware operators routinely chain privilege escalation vulnerabilities into their intrusions against enterprise environments.

Because the attack described by CISA makes the victim machine initiate an SMB connection to an attacker-controlled host and authenticate to it, security teams should monitor for outbound SMB connections from endpoints to hosts that are not known file servers, and for the suspicious SMB authentication attempts that accompany them.
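The following is an added example, not code from the article, CISA or Microsoft, of the kind of detection the coercion scenario above calls for: it reads network-connection telemetry and flags endpoints that open SMB (TCP/445) connections to hosts outside an allowlist of sanctioned file servers, which is exactly what a victim machine does when coerced into connecting back to an attacker-controlled SMB server. The log records are constructed for the example and are shaped like Sysmon Event ID 3 (NetworkConnect) entries exported as JSON; the allowlist and the corporate address range are assumptions.

```python
"""Flag outbound SMB (TCP/445) connections to non-allowlisted hosts.

Added example, not code from the original article or from CISA/Microsoft.
Input records are constructed to resemble Sysmon Event ID 3 (NetworkConnect)
entries exported as one JSON object per line; field names follow Sysmon's
schema. The allowlist and corporate network below are assumptions.
"""
import ipaddress
import json
from collections import Counter

# Assumption: the organization's sanctioned SMB file servers.
KNOWN_SMB_SERVERS = {"10.0.1.10", "10.0.1.11"}
# Assumption: the corporate address space; anything outside it is external.
CORP_NET = ipaddress.ip_network("10.0.0.0/16")
SMB_PORT = 445

# Constructed sample telemetry (Sysmon Event ID 3), one JSON object per line.
# Record 2 and 3 model a coerced workstation reaching out over SMB to an
# unknown internal host and then to an external host.
SAMPLE_LOG = r"""
{"EventID":3,"UtcTime":"2025-10-21 09:14:02.113","Computer":"WS-0042","Image":"C:\\Windows\\explorer.exe","Initiated":true,"Protocol":"tcp","SourceIp":"10.0.5.42","DestinationIp":"10.0.1.10","DestinationPort":445}
{"EventID":3,"UtcTime":"2025-10-21 09:14:05.870","Computer":"WS-0042","Image":"C:\\Windows\\System32\\svchost.exe","Initiated":true,"Protocol":"tcp","SourceIp":"10.0.5.42","DestinationIp":"10.0.9.77","DestinationPort":445}
{"EventID":3,"UtcTime":"2025-10-21 09:14:06.001","Computer":"WS-0042","Image":"C:\\Windows\\System32\\svchost.exe","Initiated":true,"Protocol":"tcp","SourceIp":"10.0.5.42","DestinationIp":"203.0.113.25","DestinationPort":445}
{"EventID":3,"UtcTime":"2025-10-21 09:14:07.410","Computer":"WS-0042","Image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","Initiated":true,"Protocol":"tcp","SourceIp":"10.0.5.42","DestinationIp":"203.0.113.25","DestinationPort":443}
{"EventID":3,"UtcTime":"2025-10-21 09:15:00.000","Computer":"WS-0043","Image":"C:\\Windows\\System32\\svchost.exe","Initiated":true,"Protocol":"tcp","SourceIp":"10.0.5.43","DestinationIp":"10.0.1.11","DestinationPort":445}
"""


def parse_events(text):
    """Parse JSON-lines telemetry, keeping only outbound (Initiated) Event ID 3 records."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") == 3 and ev.get("Initiated") is True:
            events.append(ev)
    return events


def classify(ev):
    """Return a reason string if the connection is a suspicious SMB client connection, else None."""
    if ev.get("Protocol") != "tcp" or ev.get("DestinationPort") != SMB_PORT:
        return None
    dst = ipaddress.ip_address(ev["DestinationIp"])
    if str(dst) in KNOWN_SMB_SERVERS:
        return None  # expected traffic to a sanctioned file server
    if dst not in CORP_NET:
        return "outbound SMB to external host"
    return "SMB to non-allowlisted internal host"


def find_suspicious(text):
    """Return one finding per suspicious outbound SMB connection, in log order."""
    findings = []
    for ev in parse_events(text):
        reason = classify(ev)
        if reason:
            findings.append({
                "time": ev["UtcTime"],
                "host": ev["Computer"],
                "process": ev["Image"],
                "dst": ev["DestinationIp"],
                "reason": reason,
            })
    return findings


def summarize(findings):
    """Count findings per source host so the noisiest endpoint surfaces first for triage."""
    return dict(Counter(f["host"] for f in findings))


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for f in hits:
        print(f"{f['time']}  {f['host']}  {f['process']}  -> {f['dst']}  ({f['reason']})")
    print("per-host:", summarize(hits))
```

Tune the allowlist to the real set of file servers and domain controllers, or this check will page on ordinary traffic; the useful signal is a workstation initiating SMB to a host it has no business talking to, especially one outside the corporate range.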



