CVE-2025-33053

Internet Shortcut Files (.URL) • All available versions • External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
Reported on 23-March-25 by Alexandra Gofman, David Driker
CPR-ID: 2200
Upload Date: 07-July-25

Information

When opening a maliciously crafted URL file with the WorkingDirectory property set to a UNC path, an attacker can cause remote code execution on a victim machine.

References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053
https://research.checkpoint.com/2025/stealth-falcon-zero-day/

Share this: