CVE-2025-33053

HIGH

KEV

KISA

Exploit

설명

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

Score Summary

CVSS Score: 8.8
Version: 3.1
Risk Score: 8.90
Attack Vector: Network
Low Complexity
No Privileges
User Interaction Required
Scope Unchanged
High Confidentiality Impact
High Integrity Impact
High Availability Impact

Details

Published: 06/10/2025(12 months ago)
Modified: 10/27/2025(8 months ago)
Source: KEV, NVD, KISA
Products: 15

CISA KEV Listing

Vendor / Project: Microsoft
Product: Windows

Date Added: 06/10/2025
Due Date: 07/01/2025Overdue 344d

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Listed in KISA bulletin

This CVE is referenced in a KISA security bulletin (Korean only).

Bulletin ID: 71807
Published: 2025-07-10

boho.or.kr

Vulnerability Lifecycle

CISA KEVKEV Listed06/10/2025
NVDPublished06/10/2025
KISA

CWE Weakness Classification

CWE-73
NVD
Secondary

References (9)

NVD
Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053
NVD
Exploit
https://research.checkpoint.com/2025/stealth-falcon-zero-day/
NVD