Yet Another SMB-Related CVE

Roy Ludmir
Updated on: November 3, 2025

CISA has just added a new CVE regarding SMB, with a very high CVSS rating.

CVE-2025-33073 is a high-severity (CVSS 8.8) vulnerability in the Windows SMB client caused by improper access control (CWE-284). An authenticated attacker can exploit it over the network to gain elevated privileges. Microsoft has issued guidance on how it should be patched, and CalCom recommends that this be done immediately.

Active exploitation and threat context

This vulnerability has already been exploited in the wild, with proof-of-concept (PoC) code and detection scripts publicly available. As a result, CISA added CVE-2025-33073 to its Known Exploited Vulnerabilities (KEV) catalog on October 20, 2025 (see the CISA alert for the full details).

Once again, SMB is proving to be a recurring attack surface: vulnerabilities in this protocol are frequently exploited shortly after disclosure and, because of delays in patching, may resurface even years later.

Although Microsoft has released patches and there are multiple detection tools (including the Vicarius detection script), proactive hardening of SMB configurations remains critical to minimizing long-term exposure.

Notably, this is the second significant SMB-related vulnerability in recent months, following CVE-2025-55234 (September 2025). It is another example of how SMB continues to be a focal point for attackers. For additional context, see CalCom’s blog on the other recent SMB vulnerability.

What CalCom Recommends

We’ve shortlisted some SMB configuration best practices:

  • Apply Microsoft patches for CVE-2025-33073 without delay. Refer to the official MSRC advisory for patch details and affected versions.
  • Block or limit SMB (TCP/UDP port 445) at network boundaries and between internal network segments.
  • Disable SMBv1 across all systems and enforce SMB signing via Group Policy to prevent tampering.
  • Restrict SMB access to essential hosts only — such as domain controllers, file servers, and management systems.
  • Segment administrative networks to isolate critical infrastructure from standard user workstations.
  • Enforce Kerberos authentication and phase out NTLM wherever possible; Kerberos reduces credential reuse and lateral movement risk.
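The following PowerShell script is an added example, not code from CalCom or Microsoft, that audits a Windows host against the checklist above (SMBv1 off, SMB signing required on server and client, insecure guest logons off, and no inbound TCP/445 rule open to any address) and optionally remediates. It assumes an elevated session on Windows 10 / Server 2016 or later with the SmbShare and NetSecurity modules; the management subnet and firewall rule names are placeholders.

```powershell
# Added example (not CalCom's or Microsoft's code). Audits the SMB controls
# from the checklist and applies them when -Remediate is given. Assumes an
# elevated PowerShell session on Windows 10 / Server 2016 or later.
[CmdletBinding()]
param([switch]$Remediate)

$srv = Get-SmbServerConfiguration
$cli = Get-SmbClientConfiguration

# One row per control: what was observed versus what the checklist expects.
$checks = @(
    [pscustomobject]@{ Control = 'SMBv1 server protocol disabled'; Actual = -not $srv.EnableSMB1Protocol;        Expected = $true }
    [pscustomobject]@{ Control = 'SMB signing required (server)';  Actual = $srv.RequireSecuritySignature;       Expected = $true }
    [pscustomobject]@{ Control = 'SMB signing required (client)';  Actual = $cli.RequireSecuritySignature;       Expected = $true }
    [pscustomobject]@{ Control = 'Insecure guest logons disabled'; Actual = -not $cli.EnableInsecureGuestLogons; Expected = $true }
)

# Flag any enabled inbound allow rule for port 445 whose remote address is unrestricted.
$openRule = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow -ErrorAction SilentlyContinue |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '445' } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }
$checks += [pscustomobject]@{ Control = 'No inbound TCP/445 allow rule open to Any'; Actual = ($null -eq $openRule); Expected = $true }

foreach ($c in $checks) {
    $status = if ($c.Actual -eq $c.Expected) { 'PASS' } else { 'FAIL' }
    $c | Add-Member -NotePropertyName Status -NotePropertyValue $status
}
$checks | Format-Table Control, Actual, Expected, Status -AutoSize

if ($Remediate) {
    # Server side: disable SMBv1 and require signing. Client side: require signing, reject guest logons.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -RequireSecuritySignature $true -Force
    Set-SmbClientConfiguration -RequireSecuritySignature $true -EnableInsecureGuestLogons $false -Force

    # Also remove the SMB1 feature binaries so the protocol cannot simply be switched back on.
    $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($f -and $f.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }

    # Restrict inbound 445 to a management subnet. The subnet is a placeholder; replace it with yours.
    # Windows Firewall evaluates block rules before allow rules, so the pair below allows only $mgmt.
    $mgmt = '10.0.100.0/24'
    New-NetFirewallRule -DisplayName 'SMB-445-Allow-Mgmt' -Direction Inbound -Protocol TCP `
        -LocalPort 445 -RemoteAddress $mgmt -Action Allow | Out-Null
    New-NetFirewallRule -DisplayName 'SMB-445-Block-Other' -Direction Inbound -Protocol TCP `
        -LocalPort 445 -Action Block | Out-Null
}
```

Run it without `-Remediate` first to record the current state; in a domain, the same settings should be enforced through Group Policy so that local changes cannot drift.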

CVE-2025-33073 demonstrates yet again how SMB remains a high-value target for attackers. Even when patches are available, delayed remediation and weak configuration practices make exploitation trivial for threat actors.

System administrators and security teams should patch, monitor, and harden SMB environments immediately — and review all SMB-related controls as part of ongoing server-hardening and vulnerability-management cycles.

Key Takeaways

  • CVE-2025-33073 is a high-severity SMB vulnerability already being exploited
  • CISA added it to the Known Exploited Vulnerabilities catalog in October 2025
  • SMB remains a frequent and long-term target for attackers
  • Patches are available, but weak configurations still leave systems exposed
  • Proactive hardening is essential to reduce future exploitation risk

FAQs

1. What is CVE-2025-33073?
It’s a high-severity vulnerability in the Windows SMB client that allows authenticated attackers to gain elevated privileges over the network. It was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on October 20, 2025.

2. Why is SMB still a target for attackers?
SMB remains a widely used protocol with a long history of critical flaws. Attackers exploit it because many organizations delay patching or leave default configurations in place, making exploitation easy.

3. Is patching enough to protect against this vulnerability?
Patching is essential, but not sufficient. Without hardening SMB configurations, such as enforcing signing, blocking unnecessary ports, and removing SMBv1, systems can still be exploited or misused.

4. What are the top SMB hardening best practices?
Apply patches immediately, disable SMBv1, enforce SMB signing, block port 445 at network boundaries, and restrict access to essential systems only.
Roy Ludmir
Roy Ludmir is a cybersecurity entrepreneur and CEO with over 15 years of experience driving product innovation and sales growth in the security industry. He is highly skilled in CIS Benchmarks, baseline hardening, and vulnerability management, helping organizations strengthen defenses and meet compliance requirements. With a unique blend of executive leadership and deep technical expertise, he bridges business strategy with practical security solutions.