Jun 2025: Windows SMB Client Elevation of Privilege Vulnerability
CVE-2025-33073 Published on June 10, 2025
Windows SMB Client Elevation of Privilege Vulnerability
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
Known Exploited Vulnerability
This Microsoft Windows SMB Client Improper Access Control Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.
The following remediation steps are recommended / required by November 10, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2025-33073 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2025-33073
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft Windows 10 Version 1507:- Version 10.0.10240.0 and below 10.0.10240.21034 is affected.
- Version 10.0.14393.0 and below 10.0.14393.8148 is affected.
- Version 10.0.17763.0 and below 10.0.17763.7434 is affected.
- Version 10.0.19044.0 and below 10.0.19044.5965 is affected.
- Version 10.0.19045.0 and below 10.0.19045.5965 is affected.
- Version 10.0.22621.0 and below 10.0.22621.5472 is affected.
- Version 10.0.22631.0 and below 10.0.22631.5472 is affected.
- Version 10.0.22631.0 and below 10.0.22631.5472 is affected.
- Version 10.0.26100.0 and below 10.0.26100.4349 is affected.
- Version 6.1.7601.0 and below 6.1.7601.27769 is affected.
- Version 6.1.7601.0 and below 6.1.7601.27769 is affected.
- Version 6.0.6003.0 and below 6.0.6003.23351 is affected.
- Version 6.0.6003.0 and below 6.0.6003.23351 is affected.
- Version 6.2.9200.0 and below 6.2.9200.25522 is affected.
- Version 6.2.9200.0 and below 6.2.9200.25522 is affected.
- Version 6.3.9600.0 and below 6.3.9600.22620 is affected.
- Version 6.3.9600.0 and below 6.3.9600.22620 is affected.
- Version 10.0.14393.0 and below 10.0.14393.8148 is affected.
- Version 10.0.14393.0 and below 10.0.14393.8148 is affected.
- Version 10.0.17763.0 and below 10.0.17763.7434 is affected.
- Version 10.0.17763.0 and below 10.0.17763.7434 is affected.
- Version 10.0.20348.0 and below 10.0.20348.3807 is affected.
- Version 10.0.25398.0 and below 10.0.25398.1665 is affected.
- Version 10.0.26100.0 and below 10.0.26100.4349 is affected.
- Version 10.0.26100.0 and below 10.0.26100.4349 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.