CVE-2025-33053CISA KEV: Actively Exploited

Microsoft Windows External Control of File Name or Path Vulnerability

Published Jun 10, 2025Updated Jun 10, 2025

Description

Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files.

Public Exploits & PoCs6 found

PoC: CVE-2025-33053-Proof-Of-Concept

CVE-2025-33053 Proof Of Concept (PoC)

7

PoC: CVE-2025-33053-POC

POC for CVE-2025-33053 WebDav Exploit, demonstrating how the vulnerability can be triggered in a real environment. This repository focuses on hands-on exploitation steps, reproducible test cases, and observable impact, helping security researchers and defenders understand the issue and validate fixes.

PoC: CVE-2025-33053_PoC

POC exploit for CVE-2025-33053 (External control of file execution path in URL file)

PoC: CVE-2025-33053-WebDAV-RCE-PoC-and-C2-Concept

Proof-of-Concept for CVE-2025-33053 Exploiting WebDAV with .url file delivery to demonstrate realistic remote code execution. Includes a decoy PDF payload and a video-only showcase of potential command-and-control capabilities.

PoC: CVE-2025-33053-Checker-PoC

CVE-2025-33053 Checker and PoC

PoC: CVE-2025-33053

WebDAV Path Handling Vulnerability 馃攳

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free