![Top Features of Vision-Based Workplace Safety Tools [2025]](https://static.wixstatic.com/media/379e66_7e75a4bcefe14e4fbc100abdff83bed3~mv2.jpg/v1/fit/w_1000,h_884,al_c,q_80/file.png?#)
![How to Use AI as a Productivity Tool with Mike Kaput [MAICON 2025 Speaker Series]](https://www.marketingaiinstitute.com/hubfs/v2MAICON-Speaker_Series.png)
![[The AI Show Episode 152]: ChatGPT Connectors, AI-Human Relationships, New AI Job Data, OpenAI Court-Ordered to Keep ChatGPT Logs & WPP’s Large Marketing Model](https://www.marketingaiinstitute.com/hubfs/ep%20152%20cover.png)
![[DEALS] Microsoft Visual Studio Professional 2022 + The Premium Learn to Code Certification Bundle (97% off) & Other Deals Up To 98% Off](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![PSA: Widespread internet outage affects Spotify, Google, Discord, Cloudflare, more [U: Fixed]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2024/07/iCloud-Private-Relay-outage-resolved.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Apple Shares Teaser Trailer for 'The Lost Bus' Starring Matthew McConaughey [Video]](https://www.iclarified.com/images/news/97582/97582/97582-640.jpg)
Windows WEBDAV 0-Day RCE Vulnerability Actively Exploited in the Wild – All Versions Affected
Microsoft has confirmed that a critical zero-day vulnerability in its Web Distributed Authoring and Versioning (WebDAV) implementation is being actively exploited by attackers in the wild, prompting an urgent security update as part of June 2025’s Patch Tuesday. The vulnerability, tracked as CVE-2025-33053, represents a serious remote code execution flaw that allows unauthorized attackers to […] The post Windows WEBDAV 0-Day RCE Vulnerability Actively Exploited in the Wild – All Versions Affected appeared first on Cyber Security News.
Microsoft has confirmed that a critical zero-day vulnerability in its Web Distributed Authoring and Versioning (WebDAV) implementation is being actively exploited by attackers in the wild, prompting an urgent security update as part of June 2025’s Patch Tuesday.
The vulnerability, tracked as CVE-2025-33053, represents a serious remote code execution flaw that allows unauthorized attackers to execute arbitrary code over a network through external control of file names or paths in WebDAV. The security flaw affects all supported versions of Microsoft Windows, making it one of the most widespread vulnerabilities addressed in the current patch cycle.
“External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network,” Microsoft stated in its security advisory. The vulnerability has been assigned an “Important” severity rating and requires user interaction for successful exploitation.
Active Exploitation in the Wild
Security researchers at Check Point Research discovered the vulnerability and reported evidence of active exploitation. The attack vector requires victims to click on specially crafted WebDAV URLs, which then triggers the remote code execution vulnerability.
“The user would have to click on a specially crafted URL to be compromised by the attacker,” Microsoft explained regarding the exploitation method. Despite requiring user interaction, the vulnerability poses significant risks due to its potential to compromise the entire system.
The vulnerability affects a broad range of Microsoft systems, with patches being distributed for Windows 10, Windows 11, and various Windows Server editions.
Microsoft’s June 2025 Patch Tuesday addressed 66 total vulnerabilities, with CVE-2025-33053 being one of two zero-day flaws fixed in this cycle.
The WebDAV component’s integration with Internet Explorer mode in Microsoft Edge and other applications through WebBrowser control significantly expands the attack surface.
Microsoft noted that while Internet Explorer 11 has been retired on certain platforms, the underlying MSHTML platform remains supported and vulnerable.
Security experts are urging immediate deployment of the available patches, particularly given the confirmed exploitation in the wild.
The vulnerability joins a concerning trend of WebDAV-related security issues that threat actors have increasingly targeted in recent years.
Organizations using legacy Windows systems and those with Internet Explorer compatibility mode enabled face heightened risk.
Microsoft recommends that customers installing Security Only updates also install the corresponding IE Cumulative updates to ensure complete protection against this vulnerability.
Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints -> Request full access
The post Windows WEBDAV 0-Day RCE Vulnerability Actively Exploited in the Wild – All Versions Affected appeared first on Cyber Security News.
