The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert about a severe Microsoft Windows Server Message Block (SMB) vulnerability.
The security flaw, tracked as CVE-2025-33073, has been added to CISA’s Known Exploited Vulnerabilities catalog, signaling that hackers are already taking advantage of this weakness in real-world attacks.
CVE-2025-33073 is an improper access control vulnerability within the Microsoft Windows SMB Client.
The SMB Client is a key Windows component that lets computers share files and printers over a network.
When this flaw is exploited, attackers can escalate their privileges on a compromised system, meaning they can gain more control than they should have.
Attackers can trick a victim’s computer into connecting back to a server they control via the SMB protocol.
When the victim’s system authenticates with the attacker’s server, the flaw is triggered, letting the attacker bypass security and potentially gain high-level permissions.
This makes it easier for them to move through a network, steal sensitive files, or drop other malware.
CVE ID | Vulnerability Type | Affected Product |
---|---|---|
CVE-2025-33073 | Improper Access Control | Microsoft Windows SMB Client |
Active Exploitation and Urgent Remediation
CISA’s advisory reveals that this vulnerability is being used in the wild, posing a direct threat to important federal networks and critical infrastructure.
The agency added CVE-2025-33073 to its catalog on October 20, 2025.
Under CISA regulations, federal civilian executive branch agencies have only until November 10, 2025, to fix the issue by applying vendor patches or by discontinuing use of affected products.
This move falls under CISA’s Binding Operational Directive 22-01, which forces federal agencies to patch high-risk flaws quickly.
Even though the directive is aimed at government agencies, CISA strongly urges all organizations to check the Known Exploited Vulnerabilities catalog and to make patching listed vulnerabilities a top priority in their cybersecurity processes.
All organizations using Windows systems are urged to:
- Review Microsoft’s security update guidance for CVE-2025-33073.
- Apply available patches or recommended mitigations immediately.
- If a fix is not available, follow CISA’s or Microsoft’s advice to temporarily disable the affected feature or discontinue product use.
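One way to act on the advice to check the Known Exploited Vulnerabilities catalog is to join it against your own unpatched findings and sort by CISA due date. This is an added example, not code from CISA or Microsoft: the catalog excerpt follows the layout of the KEV JSON feed using the dates stated in this article, and the host names, the scanner findings and the `triage` helper are constructed for illustration.

```python
import json
from datetime import date

# Constructed excerpt in the layout of CISA's KEV JSON feed, trimmed to the
# fields used here; the dates for CVE-2025-33073 are the ones in this article.
KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-2025-33073", "dateAdded": "2025-10-20",
   "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"}
]}
"""

# Constructed scanner output: (hostname, CVE still unpatched on that host).
FINDINGS = [
    ("ws17.example.internal", "CVE-2025-33073"),
    ("fs01.example.internal", "CVE-2025-33073"),
    ("ws17.example.internal", "CVE-0000-00000"),  # placeholder, not in KEV
]


def triage(kev_json, findings, today):
    """Return KEV-listed findings, most urgent (overdue) first."""
    kev = {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}
    rows = []
    for host, cve in findings:
        entry = kev.get(cve)
        if entry is None:
            continue  # not known-exploited: leave to the normal patch cycle
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        rows.append({
            "host": host,
            "cve": cve,
            "due": entry["dueDate"],
            "days_left": days_left,
            "overdue": days_left < 0,
            "ransomware": entry["knownRansomwareCampaignUse"],
        })
    # Fewest days remaining first; host name breaks ties for stable output.
    return sorted(rows, key=lambda r: (r["days_left"], r["host"]))


if __name__ == "__main__":
    for row in triage(KEV_JSON, FINDINGS, date.today()):
        state = "OVERDUE" if row["overdue"] else f"{row['days_left']}d left"
        print(f"{row['host']:24} {row['cve']}  due {row['due']}  {state}")
```
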
It is not yet clear whether CVE-2025-33073 has been linked to ransomware attacks, but privilege escalation flaws like this are often used by ransomware groups to take over enterprise systems.
Security teams are advised to watch for suspicious SMB connections and unusual authentication attempts, which could signal that someone is trying to exploit this vulnerability.
By acting quickly, organizations can better protect themselves against current attacks, which reinforces the importance of timely patching and strong vulnerability management practices.