CVE-2025-33073CISA KEV: Actively Exploited

Microsoft Windows SMB Client Improper Access Control Vulnerability

Published Oct 20, 2025·Updated Oct 20, 2025

Description

Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.

Public Exploits & PoCs12 found

PoC: CVE-2025-33073

PoC Exploit for the NTLM reflection SMB flaw.

21

PoC: CVE-2025-33073

Universal exploitation tool for CVE-2025-33073 targeting Windows Domain Controllers with DNSAdmins privileges and WinRM enabled.

4

PoC: cupntlm-Automated-Exploit-For-CVE-2025-33073-

cupntlm

2

PoC: windows-smb-vulnerability-framework-cve-2025-33073

Proof-of-Concept

2

PoC: SMB-CVE-2025-33073

Advanced SMB Honeypot: CVE-2025-33073 Research & Implementation

PoC: CVE-2025-33073

Non-Coercive unauthenticated detection script for NTLM reflection

PoC: CVE-2025-33073

🔧 Exploit CVE-2025-33073 with this universal tool for Windows Domain Controllers, enabling SYSTEM-level code execution through automated techniques.

PoC: Blackash-CVE-2025-33073

CVE-2025-33073

PoC: Blackash-CVE-2025-33073

CVE-2025-33073

PoC: CVE-2025-33073-checker

This rough PoC checker script tests targets for CVE-2025-33073 vulnerability by attempting to perform NTLM reflection attacks using NTLM auth coercion via samba RPC, to do this you need to have account with access to the samba.

PoC: CVE-2025-33073

# CVE-2025-33073PoC Exploit for the NTLM reflection SMB flaw. All credits go to the official research: [Synacktiv](https://www.synacktiv.com/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025) 🐙### PrerequisitesOS: Kali Linux (has most packages pre-installed).* NetExec (NXC) - https://github.com/P

PoC: CVE-2025-33073

🛠️ Exploit the NTLM reflection SMB flaw with this PoC tool for Kali Linux, enhancing your understanding of CVE-2025-33073 through practical application.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free