How to fix CVE-2025-33053?

Within 24 hours: Disable or restrict access to Internet Shortcut File functionality where possible; alert users to avoid opening .url files from untrusted sources; establish incident response readiness for potential exploitation. Within 7 days: Deploy network segmentation to isolate high-value assets; implement enhanced email filtering to block .url file attachments; conduct endpoint scanning for signs of compromise. Within 30 days: Continuously monitor vendor advisories for patch availability; perform threat hunt across endpoints for exploitation indicators; develop user awareness training specific to this threat.

Is Windows affected by CVE-2025-33053?

CVE-2025-33053 is a critical vulnerability affecting Internet Shortcut Files that enables remote code execution with no patch currently available.

CVE-2025-33053

EUVD-2025-17721 HIGH

2025-06-10 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17721

Added to CISA KEV

Oct 27, 2025 - 17:12 cisa

CISA KEV

PoC Detected

Oct 27, 2025 - 17:12 vuln.today

Public exploit code

CVE Published

Jun 10, 2025 - 17:22 nvd

HIGH 8.8

Description

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

Analysis

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables remote code execution over a network. KEV-listed with EPSS 48.5% and public PoC, this vulnerability allows attackers to craft malicious .url files that execute arbitrary code when opened, bypassing the security restrictions normally applied to internet-sourced shortcut files.

Technical Context

Internet Shortcut (.url) files are simple text files that point to web resources. Windows handles them through the Shell, applying security checks based on the file's origin. This vulnerability allows attackers to manipulate the file path or name handling to bypass security restrictions (Mark of the Web, SmartScreen) and execute arbitrary code. The .url format is particularly dangerous because it's commonly shared via email and file shares, and users often trust shortcut files.

Affected Products

['Microsoft Windows 10', 'Microsoft Windows 11', 'Microsoft Windows Server (all supported versions)']

Remediation

Apply Microsoft security update. Block .url file attachments at email gateways. Educate users about shortcut file risks. Enable ASR rules for Shell-based attack prevention.

Priority Score

163

Low Medium High Critical

KEV: +50

EPSS: +48.5

CVSS: +44

POC: +20

CVE-2025-33053 vulnerability details – vuln.today

Back

CVE-2025-33053

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-33053

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code