Urgent Alert: CISA Warns of Active Exploitation of Severe Windows SMB Vulnerability
October 21, 2025
CISA reports that a high-severity Windows SMB vulnerability (CVE-2025-33073) is actively being exploited by threat actors to escalate privileges and gain SYSTEM access on unpatched systems.
The vulnerability is in the Windows SMB client and allows privilege escalation over a network. Microsoft confirmed it in June and released a fix at the same time.
The flaw lets attackers run a malicious script that coerces an affected machine into connecting to an attacker-controlled SMB server, which facilitates lateral movement within networks.
CISA has issued a warning emphasizing the importance of timely updates, especially for Federal Civilian Executive Branch agencies, as part of Binding Operational Directive 22-01.
Microsoft has released patches but has not publicly acknowledged the active exploitation, though credible reports confirm ongoing attacks.
CISA advises all organizations, including private sector entities, to prioritize patching this vulnerability due to its active exploitation and significant security risks.
Multiple security researchers, including CrowdStrike, Synacktiv, Google Project Zero, BNP Paribas, and others, discovered and reported the flaw.
In addition to this vulnerability, CISA has added four other flaws to its KEV list, including a recently patched Oracle E-Business Suite vulnerability, which may also be exploited in active campaigns.
CISA has added CVE-2025-33073 to its Known Exploited Vulnerabilities Catalog and mandates that Federal Civilian Executive Branch agencies patch or disconnect affected systems by November 10, 2025.
CISA has mandated a 14-day deadline for some organizations to update their Windows systems but recommends immediate action to reduce exposure to cyberattacks.
Organizations are advised to ensure all endpoints and servers are patched with the June updates, monitor for suspicious SMB activity, and restrict SMB exposure to untrusted networks.
The alert highlights the ongoing threat landscape where malicious actors exploit such vulnerabilities, prompting urgent security measures across organizations.
Summary based on 4 sources
Sources

Forbes • Oct 21, 2025
Update Microsoft Windows Server, 10 And 11 Now — Attacks Underway
BleepingComputer • Oct 20, 2025
CISA: High-severity Windows SMB flaw now exploited in attacks
The Register • Oct 21, 2025
Feds flag active exploitation of patched Windows SMB vuln
Help Net Security • Oct 21, 2025
CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)