CISA: Critical Windows SMB Flaw Under Active Attack with Public Exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered flaw in the Windows SMB component to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-33073, stems from an access control failure that allows remote attackers to gain SYSTEM-level privileges over the network. Experts report that the flaw is already being actively exploited in the wild, with publicly available proof-of-concept exploits circulating online. The issue affects all Windows versions that have not received Microsoft’s June 2025 security update.

The Server Message Block (SMB) protocol is a core component of Windows networking, responsible for file sharing, printer access, and synchronization between enterprise systems. It enables communication and resource exchange within local networks and Active Directory domains. A disruption or compromise of this protocol could result in widespread infrastructure infections and unauthorized access to sensitive data and resources.

The vulnerability carries a CVSS severity score of 8.8 out of 10. Microsoft warns that successful exploitation grants attackers complete control over the affected system, including the ability to install software, alter configurations, and exfiltrate personal or corporate information. According to the company, compromise occurs when a user connects to a maliciously crafted SMB server, which executes arbitrary code under system-level privileges upon establishing a connection.

Security researchers note that exploiting the flaw requires minimal technical skill. An attacker only needs to trick a target machine into establishing a reverse SMB connection and completing authentication. If SMB signing — a feature that verifies message integrity — is disabled in security policies, the attack can succeed with almost no resistance. According to Synacktiv, the vulnerability allows any authenticated user to execute SYSTEM-level commands on devices where SMB signing is not enforced.

Similar conclusions were reached by RedTeam, which confirmed the flaw’s presence in Windows 10, Windows 11, and server editions released between 2019 and 2025. Exploits have already been published on GitHub, making attacks significantly easier to carry out and amplifying the risk of large-scale infections. Threat actors are reportedly using this weakness for lateral movement across domain networks, gaining control of additional hosts and administrative accounts.

CISA has mandated that all federal agencies install the relevant security updates immediately, setting a compliance deadline of November 10, 2025. The agency warns that exploitation of CVE-2025-33073 poses a critical risk to network infrastructure, potentially allowing full system takeover if left unpatched. Experts urge administrators to enable SMB signing on all servers, restrict SMB port access at the network level, and apply all pending updates promptly to prevent remote code execution and privilege escalation.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy