← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-33053 — Actively Exploited: Windows (Microsoft)

Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files.

CVE IDCVE-2025-33053
VendorMicrosoft
ProductWindows
Vulnerability nameMicrosoft Windows External Control of File Name or Path Vulnerability
Date added2025-06-10
Remediation due2025-07-01
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionMicrosoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →