CVE-2025-33053
HIGH
8,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,2954
Percentile
1,0th
Updated
EPSS Score Trend (Last 90 Days)
73
External Control of File Name or Path
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Read Files Or Directories
Modify Files Or Directories
Execute Unauthorized Code Or Commands
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Other)
Applicable Platforms
Operating Systems:
Unix, Windows, macOS
Operating System
Windows 10 22H2 by Microsoft
Version Range Affected
To
10.0.19045.5965
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 11 24H2 by Microsoft
Version Range Affected
To
10.0.26100.4270
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 10 1607 by Microsoft
Version Range Affected
To
10.0.14393.8148
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2008 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 10 1607 by Microsoft
Version Range Affected
To
10.0.14393.8148
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2019 by Microsoft
Version Range Affected
To
10.0.17763.7434
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 10 21H2 by Microsoft
Version Range Affected
To
10.0.19044.5965
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2022 23H2 by Microsoft
Version Range Affected
To
10.0.25398.1665
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 10 21H2 by Microsoft
Version Range Affected
To
10.0.19044.5965
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 10 1809 by Microsoft
Version Range Affected
To
10.0.17763.7434
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 10 22H2 by Microsoft
Version Range Affected
To
10.0.19045.5965
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 11 22H2 by Microsoft
Version Range Affected
To
10.0.22621.5472
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2022 by Microsoft
Version Range Affected
To
10.0.20348.3745
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 11 23H2 by Microsoft
Version Range Affected
To
10.0.22631.5472
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 11 23H2 by Microsoft
Version Range Affected
To
10.0.22631.5472
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2012 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 10 1507 by Microsoft
Version Range Affected
To
10.0.10240.21034
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2016 by Microsoft
Version Range Affected
To
10.0.14393.8148
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2008 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2008 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 11 22H2 by Microsoft
Version Range Affected
To
10.0.22621.5472
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 10 21H2 by Microsoft
Version Range Affected
To
10.0.19044.5965
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2012 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 11 24H2 by Microsoft
Version Range Affected
To
10.0.26100.4270
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2025 by Microsoft
Version Range Affected
To
10.0.26100.4270
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 10 1809 by Microsoft
Version Range Affected
To
10.0.17763.7434
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 10 22H2 by Microsoft
Version Range Affected
To
10.0.19045.5965
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 10 1507 by Microsoft
Version Range Affected
To
10.0.10240.21034
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025…
https://research.checkpoint.com/2025/stealth-falcon-zero-day/
https://therecord.media/microsoft-cisa-zero-day-turkish-defense-org
https://www.bleepingcomputer.com/news/security/stealth-falcon-hackers-exploited…
https://www.darkreading.com/vulnerabilities-threats/stealth-falcon-apt-exploits…
https://www.theregister.com/2025/06/10/microsoft_patch_tuesday_june/
https://www.vicarius.io/vsociety/posts/cve-2025-33053-detection-script-remote-c…
https://www.vicarius.io/vsociety/posts/cve-2025-33053-mitigation-script-remote-…
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053