Vulnerability intelligence
CVE-2025-33073
Microsoft Windows SMB Client Improper Access Control Vulnerability
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
High
EPSS — Exploit Probability
65%
Riskier than 99% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2025-11-10
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2025-11-10.
1 article across 1 outlet · first covered May 13, 2026 · latest May 13, 2026
Tracked incidents
Associated threat actors
Coverage timeline
-
Gentlemen RaaS leak reveals 332 victims, internal chats exposedresearch.checkpoint.com · May 13, 2026