
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-33073 is a security vulnerability discovered in Windows SMB (Server Message Block) that was disclosed on June 10, 2025. The vulnerability stems from improper access control implementation in the Windows SMB system (NVD, CVE).
The vulnerability is classified as an Improper Access Control (CWE-284) issue. Microsoft has assigned it a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This scoring indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, requires no user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).
The vulnerability allows an authorized attacker to elevate privileges over a network, potentially gaining higher levels of access to system resources than intended. This could lead to unauthorized access to sensitive information, system modifications, or complete system compromise (NVD).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."