CVE-2025-33073

Name of the Vulnerable Software and Affected Versions Windows versions prior to June 2025 Patch Tuesday

Description A critical vulnerability exists in the Windows SMB client, identified as CVE-2025-33073, allowing for potential privilege escalation to SYSTEM level. This flaw stems from improper access control and enables attackers to exploit the vulnerability through a reflective Kerberos relay attack. Attackers can coerce authentication and relay Kerberos tickets to gain unauthorized access. Publicly available proof-of-concept exploits exist, and active exploitation has been observed. The vulnerability affects Windows Server, Windows 10, and Windows 11. The vulnerability allows an authenticated attacker to gain SYSTEM level access. The flaw is exploitable through SMB, LDAP, and RPC protocols. Several proof-of-concept exploits are available.

Recommendations Apply the June 2025 Patch Tuesday updates. Enforce SMB signing. Restrict outgoing SMB traffic.