THREATOPS
THREAT OPSCVEs › CVE-2025-33053

CVE-2025-33053 — Microsoft Windows External Control of File Name or Path Vulnerability

CISA KEVExploited: confirmedMicrosoft

Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files.

Vulnerability details