How to fix EUVD-2025-17737?

Within 24 hours: Inventory all Windows systems with SMB enabled and assess network exposure; implement network segmentation to restrict SMB traffic to only trusted internal segments. Within 7 days: Deploy compensating controls including SMB signing enforcement and restrict access to SMB ports (139, 445) at network perimeter; conduct threat hunting for exploitation indicators. Within 30 days: Establish continuous monitoring for SMB-based lateral movement; develop and test incident response procedures; prepare for emergency patching once vendor releases a fix.

Is Windows Server 2022 affected by EUVD-2025-17737?

CVE-2025-33073 is a critical Windows SMB vulnerability actively exploited in the wild that allows authorized network users to gain elevated system privileges.

EUVD-2025-17737

| CVE-2025-33073 HIGH

2025-06-10 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17737

Added to CISA KEV

Oct 27, 2025 - 17:12 cisa

CISA KEV

PoC Detected

Oct 27, 2025 - 17:12 vuln.today

Public exploit code

CVE Published

Jun 10, 2025 - 17:23 nvd

HIGH 8.8

Description

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Analysis

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attackers to escalate privileges over the network. KEV-listed with EPSS 57.6% and public PoC, this vulnerability in the core Windows file sharing protocol affects every Windows system on the network, enabling lateral movement from any compromised domain account to SYSTEM-level access on SMB-accessible systems.

Technical Context

SMB (Server Message Block) is the primary file and print sharing protocol in Windows networks. The access control flaw allows an authenticated user (any domain account) to escalate privileges on remote systems through the SMB protocol. Because SMB is enabled by default on all Windows systems and is the foundation of Windows domain file sharing, this vulnerability provides a powerful lateral movement technique — any compromised domain account can escalate to SYSTEM on any reachable Windows system.

Affected Products

['Microsoft Windows 10', 'Microsoft Windows 11', 'Microsoft Windows Server (all supported versions)']

Remediation

Apply Microsoft security update immediately across all Windows systems. This is a network-worm-capable vulnerability — patch everything. Monitor for unusual SMB authentication patterns. Consider SMB signing and encryption enforcement. Segment networks to limit SMB exposure.

Priority Score

172

Low Medium High Critical

KEV: +50

EPSS: +57.6

CVSS: +44

POC: +20

EUVD-2025-17737 vulnerability details – vuln.today

Back

EUVD-2025-17737

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-17737

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code