Microsoft has recently disclosed a critical zero-day vulnerability in its Web Distributed Authoring and Versioning (WebDAV) implementation, identified as CVE-2025-33053. This flaw is actively exploited in the wild, affecting all supported versions of Windows. The vulnerability allows unauthorized attackers to execute arbitrary code over a network by manipulating file names or paths within WebDAV.
WebDAV, an extension of the HTTP protocol, enables users to collaboratively edit and manage files on remote web servers. Its integration into Windows facilitates seamless file sharing and editing across networks. However, this integration also broadens the attack surface, especially when vulnerabilities like CVE-2025-33053 are present.
The exploitation method involves enticing users to click on specially crafted WebDAV URLs. Upon interaction, these URLs trigger the remote code execution vulnerability, potentially compromising the entire system. Despite requiring user interaction, the severity of this flaw cannot be understated due to its widespread impact and ease of exploitation.
Security researchers at Check Point Research were instrumental in discovering this vulnerability and provided evidence of its active exploitation. Their findings underscore the critical nature of the flaw and the urgency required in addressing it.
In response, Microsoft has released patches for Windows 10, Windows 11, and various Windows Server editions as part of the June 2025 Patch Tuesday updates. This cycle addressed 66 vulnerabilities, with CVE-2025-33053 being one of two zero-day flaws fixed. The integration of the WebDAV component with Internet Explorer mode in Microsoft Edge and other applications through the WebBrowser control significantly expands the attack surface. Notably, while Internet Explorer 11 has been retired on certain platforms, the underlying MSHTML platform remains supported and vulnerable.
Security experts are urging immediate deployment of the available patches, especially given the confirmed exploitation in the wild. Organizations using legacy Windows systems and those with Internet Explorer compatibility mode enabled face heightened risks. Microsoft recommends that customers installing Security Only updates also install the corresponding IE Cumulative updates to ensure complete protection against this vulnerability.
This incident highlights a concerning trend of WebDAV-related security issues that threat actors have increasingly targeted in recent years. The combination of WebDAV's widespread use and its integration with various Windows components makes it a lucrative target for attackers.
In conclusion, the discovery and active exploitation of CVE-2025-33053 serve as a stark reminder of the importance of timely patching and vigilance in cybersecurity practices. Organizations must prioritize the deployment of security updates and educate users on the risks associated with interacting with unfamiliar URLs to mitigate potential threats.
Source: CybersecurityNews Windows WEBDAV 0-Day RCE Vulnerability Actively Exploited in the Wild - All Versions Affected
