By: RedLegg Blog
*Important note: These are not the only vulnerabilities that were recently disclosed; however, these are the vulnerabilities RedLegg has identified as critical and as requiring immediate attention.
VULNERABILITIES
Web Distributed Authoring and Versioning (WebDAV) Remote Code Execution Vulnerability
CVSS Score: 8.8 (High)
Identifier: CVE-2025-33053
Exploit or POC: Yes – Actively exploited in the wild
Update: CVE-2025-33053 – Microsoft Security Advisory
Description:
CVE-2025-33053 is a high-severity vulnerability affecting the Web Distributed Authoring and Versioning (WebDAV) service, a feature that enables remote web content authoring on Microsoft Windows systems. The vulnerability is caused by insufficient validation of externally supplied file names or paths, which can be exploited to achieve remote code execution.
Mitigation Recommendation: Microsoft has issued security updates to resolve CVE-2025-33053 as part of the June 2025 Patch Tuesday. It is strongly recommended that all affected systems be updated immediately. If patching is delayed, administrators should consider disabling WebDAV where it is not needed, restricting access via firewall rules, and monitoring for suspicious activity involving WebDAV endpoints.
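For hosts where patching is delayed, the following PowerShell sketch audits and optionally disables the WebDAV client. It is an added example, not RedLegg's or Microsoft's code. It assumes that "disabling WebDAV" on a Windows endpoint means the built-in `WebClient` service, and that IIS WebDAV publishing (optional feature `IIS-WebDAV`) should only be reported; the function name `Get-WebDavExposure` and its `-Disable` switch are hypothetical.

```powershell
# Added example (not from the advisory). Run from an elevated prompt.
function Get-WebDavExposure {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Disable   # hypothetical switch: also stop and disable WebClient
    )

    # WebClient implements the WebDAV client (redirector) on Windows.
    # On client SKUs it is usually "Manual" but trigger-started, so a
    # Manual start mode does not mean it will stay stopped.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"

    # IIS WebDAV publishing is a separate, server-side feature. It is only
    # reported here; the query returns nothing if the feature is unknown.
    $iis = Get-WindowsOptionalFeature -Online -FeatureName 'IIS-WebDAV' `
               -ErrorAction SilentlyContinue

    if ($svc -and $Disable -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Stop and disable WebClient')) {
        Stop-Service -Name 'WebClient' -Force -ErrorAction SilentlyContinue
        Set-Service  -Name 'WebClient' -StartupType Disabled
        # Re-read the service so the report reflects the new state.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    }

    # Computed outside the hashtable for Windows PowerShell 5.1 compatibility.
    $iisState = 'NotPresent'
    if ($iis) { $iisState = [string]$iis.State }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        WebClientInstalled = [bool]$svc
        WebClientState     = $svc.State       # Running / Stopped
        WebClientStartMode = $svc.StartMode   # Auto / Manual / Disabled
        IisWebDavFeature   = $iisState
    }
}

# Audit only:
Get-WebDavExposure

# Preview the change, then apply it:
# Get-WebDavExposure -Disable -WhatIf
# Get-WebDavExposure -Disable
```

A host is only protected from trigger-starts once `WebClientStartMode` reports `Disabled`; confirm that no mapped drives or applications depend on WebDAV before applying the change fleet-wide.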