CVE-2025-33053— Internet Shortcut Files Remote Code Execution Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-33053
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Internet Shortcut Files Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
文件名或路径的外部可控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft WebDAV 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft WebDAV是美国微软(Microsoft)公司的一种基于HTTP协议的扩展,用于通过互联网进行文件管理和协同编辑。 Microsoft WebDAV存在安全漏洞。攻击者利用该漏洞可以执行代码。以下产品和版本受到影响:Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2025-33053
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | CVE-2025-33053 Proof Of Concept (PoC) | https://github.com/DevBuiHieu/CVE-2025-33053-Proof-Of-Concept | POC Details |
| 2 | CVE-2025-33053 Checker and PoC | https://github.com/TheTorjanCaptain/CVE-2025-33053-Checker-PoC | POC Details |
| 3 | Proof-of-Concept for CVE-2025-33053 Exploiting WebDAV with .url file delivery to demonstrate realistic remote code execution. Includes a decoy PDF payload and a video-only showcase of potential command-and-control capabilities. | https://github.com/kra1t0/CVE-2025-33053-WebDAV-RCE-PoC-and-C2-Concept | POC Details |
| 4 | POC exploit for CVE-2025-33053 (External control of file execution path in URL file) | https://github.com/4n4s4zi/CVE-2025-33053_PoC | POC Details |
| 5 | POC for CVE-2025-33053 WebDav Exploit, demonstrating how the vulnerability can be triggered in a real environment. This repository focuses on hands-on exploitation steps, reproducible test cases, and observable impact, helping security researchers and defenders understand the issue and validate fixes. | https://github.com/Cyberw1ng/CVE-2025-33053-POC | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-33053
请登录查看更多情报信息。
Same Patch Batch · Microsoft · 2025-06-10 · 64 CVEs total
| CVE-2025-47172 | 8.8 HIGH | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2025-47166 | 8.8 HIGH | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2025-47163 | 8.8 HIGH | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2025-33073 | 8.8 HIGH | Windows SMB Client Elevation of Privilege Vulnerability |
| CVE-2025-33064 | 8.8 HIGH | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-33066 | 8.8 HIGH | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-47957 | 8.4 HIGH | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-32717 | 8.4 HIGH | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-47167 | 8.4 HIGH | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-47164 | 8.4 HIGH | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-47953 | 8.4 HIGH | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-47162 | 8.4 HIGH | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-33067 | 8.4 HIGH | Windows Task Scheduler Elevation of Privilege Vulnerability |
| CVE-2025-47977 | 8.2 HIGH | Nuance Digital Engagement Platform Spoofing Vulnerability |
| CVE-2025-33070 | 8.1 HIGH | Windows Netlogon Elevation of Privilege Vulnerability |
| CVE-2025-32710 | 8.1 HIGH | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-33071 | 8.1 HIGH | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability |
| CVE-2025-29828 | 8.1 HIGH | Windows Schannel Remote Code Execution Vulnerability |
| CVE-2025-47168 | 7.8 HIGH | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-47169 | 7.8 HIGH | Microsoft Word Remote Code Execution Vulnerability |
Showing top 20 of 64 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Windows 10 Version 1507
- CVE-2025-64680
Windows DWM Core Library Elevation of Privilege Vulnerabilit - CVE-2025-64679
Windows DWM Core Library Elevation of Privilege Vulnerabilit - CVE-2025-62209
Windows License Manager Information Disclosure Vulnerability - CVE-2025-62208
Windows License Manager Information Disclosure Vulnerability - CVE-2025-59278
Windows Authentication Elevation of Privilege Vulnerability
Same vendor: Microsoft
- CVE-2026-42826
Azure DevOps Information Disclosure Vulnerability - CVE-2026-35428
Azure Cloud Shell Spoofing Vulnerability - CVE-2026-35435
Azure AI Foundry Elevation of Privilege Vulnerability - CVE-2026-34327
Microsoft Partner Center Spoofing Vulnerability - CVE-2026-33844
Azure Managed Instance for Apache Cassandra Remote Code Exec
Same weakness: CWE-73
- CVE-2026-41693
i18next-fs-backend: Path traversal via unsanitised lng/ns al - CVE-2026-44127
Local File Inclusion (LFI) and Arbitrary File Deletion - CVE-2026-7633
Totolink N300RH cstecgi.cgi setUploadSetting file inclusion - CVE-2026-42424
OpenClaw < 2026.4.8 - Local File Exfiltration via Shared Rep - CVE-2026-41177
Squidex has Blind SSRF via file:// Protocol in Restore API l
V. Comments for CVE-2025-33053
No comments yet