CVE-2025-33053 - Microsoft Windows External Control of File Name or Path Vulnerability
Project:Microsoft
Product:Windows
Date Added:2025-06-10Due Date:2025-07-01
Vulnerability Name
Microsoft Windows External Control of File Name or Path Vulnerability
Description
Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33053
https://nvd.nist.gov/vuln/detail/CVE-2025-33053
Related News Articles
Microsoft fixes Surface Hub boot issues with emergency updateJune 17, 2025
Microsoft: KB5060533 update triggers boot errors on Surface Hub v1 devicesJune 13, 2025
Windows 11 24H2 emergency update fixes Easy Anti-Cheat BSOD issueJune 12, 2025
Hackers exploited Windows WebDav zero-day to drop malwareJune 11, 2025
Microsoft creates separate Windows 11 24H2 update for incompatible PCsJune 11, 2025