CVE-2025-33073
vulnerability analysis and mitigation

Overview

CVE-2025-33073 is a security vulnerability discovered in Windows SMB (Server Message Block) that was disclosed on June 10, 2025. The vulnerability stems from improper access control implementation in the Windows SMB system (NVD, CVE).

Technical details

The vulnerability is classified as an Improper Access Control (CWE-284) issue. Microsoft has assigned it a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This scoring indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, requires no user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

Impact

The vulnerability allows an authorized attacker to elevate privileges over a network, potentially gaining higher levels of access to system resources than intended. This could lead to unauthorized access to sensitive information, system modifications, or complete system compromise (NVD).

Additional resources


SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management