The Cybersecurity and Infrastructure Security Agency (CISA) is warning that threat actors are now actively exploiting a high-severity vulnerability in Windows SMB (Server Message Block). This privilege escalation flaw, if left unpatched, allows attackers to gain SYSTEM privileges on compromised systems.
The Vulnerability and Active Exploitation
Tracked as CVE-2025-33073, the security defect impacts all supported versions of Windows Server, Windows 10, and Windows 11 up to version 24H2. Microsoft released a patch for this flaw during the June 2025 Patch Tuesday updates. The company explained that the vulnerability stems from an improper access control weakness that allows authorized attackers to elevate their network privileges.
To exploit the flaw, an attacker can use a specially crafted malicious script to convince the victim's machine to connect and authenticate back to an attacker-controlled SMB server. This action results in the elevation of privilege. Although Microsoft had previously noted that public information about the bug was available before the patch, CISA's claim marks the first confirmation that the flaw is under active exploitation in the wild.
Mandatory Federal Patching
CISA has added CVE-2025-33073 to its Known Exploited Vulnerabilities Catalog, mandating that all Federal Civilian Executive Branch (FCEB) agencies secure their systems by November 10. This requirement is enforced by Binding Operational Directive (BOD) 22-01.
While the directive only targets federal agencies, the US cybersecurity agency strongly encourages all organizations, including those in the private sector, to apply the necessary security updates immediately. CISA cautioned that vulnerabilities of this type are frequent attack vectors for malicious cyber actors and pose significant risks to any enterprise network.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
