PT-2025-24857 · Microsoft · Windows Smb +1

James Forshaw +2 · Published 2025-01-30 · Updated 2025-10-15 · CVE-2025-33073

CVSS v2.0: 9.0
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Windows versions prior to June 2025 Patch Tuesday

Description

A critical vulnerability exists in the Windows SMB client that allows an attacker to elevate privileges to SYSTEM level. This is achieved through a reflective Kerberos relay attack, where authentication is coerced and relayed back to the attacker's system via SMB. The vulnerability bypasses previous NTLM reflection mitigations and is exploitable on systems without SMB signing enabled. A proof-of-concept exploit is publicly available. The vulnerability allows an authenticated attacker to gain remote command execution as SYSTEM. The issue involves manipulation of DNS records and can be exploited through local name resolution methods. The vulnerability has been exploited in the wild and is actively being discussed within the cybersecurity community. The estimated number of affected devices is over 2.7 million.

Recommendations

Apply the June 2025 Patch Tuesday updates. Enforce SMB signing on all systems.
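
One way to check a host against the two recommendations above, as an added example that is not part of the original entry. The function name Get-SmbRelayExposure and the 2025-06-10 cut-off (the date of June 2025 Patch Tuesday) are assumptions of this example; the entry names no KB numbers, so the update check is a date heuristic only.

```powershell
# Added example (not from the original entry). Get-SmbRelayExposure is a
# hypothetical helper name; run it in an elevated PowerShell session.
function Get-SmbRelayExposure {
    [CmdletBinding()]
    param(
        # Assumption: June 2025 Patch Tuesday fell on 2025-06-10.
        [datetime]$PatchCutoff = [datetime]'2025-06-10',
        # When set, also turn on the signing requirement for both SMB roles.
        [switch]$Enforce
    )

    if ($Enforce) {
        Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
        Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
    }

    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration

    # Get-HotFix can return entries without an InstalledOn date; skip those.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    # Date heuristic only: True means no hotfix is recorded on or after the
    # cut-off. False does not prove the fix itself is installed.
    $noUpdate = (-not $latest) -or ($latest.InstalledOn -lt $PatchCutoff)

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        ServerRequiresSigning = [bool]$server.RequireSecuritySignature
        ClientRequiresSigning = [bool]$client.RequireSecuritySignature
        LatestHotfix          = if ($latest) { $latest.HotFixID } else { $null }
        LatestHotfixDate      = if ($latest) { $latest.InstalledOn } else { $null }
        NoUpdateSinceCutoff   = $noUpdate
    }
}

# Report only; add -Enforce to require signing before reporting.
Get-SmbRelayExposure | Format-List
```

A host that reports ServerRequiresSigning or ClientRequiresSigning as False, or NoUpdateSinceCutoff as True, does not yet meet the recommendations in this entry.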

Exploit

Fix

RCE

LPE

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2025-06677
CVE-2025-33073

Affected Products

Windows
Windows Smb