PT-2025-24857 · Microsoft · Windows Smb+1

James Forshaw +2 · Published 2025-01-30 · Updated 2026-06-04 · CVE-2025-33073

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Microsoft Windows (affected versions not specified)

Description

Improper access control in the Windows SMB Client, specifically within the mrxsmb.sys driver, allows an authorized or unauthenticated remote attacker to elevate privileges. The issue stems from weaknesses in authentication relaying, including NTLM reflection and Reflective Kerberos Relay attacks. Attackers can use authentication coercion techniques, such as forcing a request to a UNC path, to make a host connect to a malicious system. By manipulating CREDENTIAL_TARGET_INFORMATIONW and removing NTLM capabilities from SPNEGO to force Kerberos usage, an attacker can relay a Kerberos ticket back to the same host. This process allows the attacker to gain a session as the computer account (DOMAIN\MACHINE$) and ultimately escalate privileges to NT AUTHORITY\SYSTEM, granting full control over the compromised device. Exploitation can occur via standard RPC and SMB services and may be triggered through social engineering or drive-by downloads.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

LPE

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2025-06677
CVE-2025-33073
OPENSUSE-SU-2026:10837-1

Affected Products

Windows
Windows Smb