FIND-20260325-023 · 2026-03-25 · Innovation Veille
CVE-2025-33073 — Windows NTLM Reflection SMB Privilege Escalation (PoC active, CISA KEV)
cve
MEDIUM
Security researcher @7h3h4ckv157 (OSCP+, EY consultant, Hall of Fame: Google/Apple/NASA/X) shared content about CVE-2025-33073, a Windows SMB NTLM reflection vulnerability with CVSS 8.8 (High). The flaw allows an authenticated remote attacker to escalate to NT AUTHORITY\SYSTEM on any Windows machine not enforcing SMB signing. Microsoft patched it in June 2025 (Patch Tuesday). CISA added it to its Known Exploited Vulnerabilities (KEV) catalog in October 2025. A public PoC is available on GitHub (690 stars).
Note: the specific tweet content is unresolvable (too recent to be indexed by search engines). The finding is based on the account's documented content pattern and the most recent indexed tweet from the same account, which explicitly referenced this CVE.
Recommendation: treat this as an informational advisory for the ODS infrastructure team.
Source
https://x.com/7h3h4ckv157/status/2036853373925023767
ODS Impact
ODS infrastructure runs on GCP Linux hosts (not Windows), so the NTLM SMB attack surface does not apply directly. However:
(1) The ADLC pipeline uses GitHub Actions; build agents on Windows runners would be exposed.
(2) Any developer workstations running Windows would be at risk if not patched.
(3) The WireGuard VPN overlay does not protect against NTLM relay if a Windows node is on the internal network.
Mitigation: enforce SMB signing via Group Policy on all Windows nodes, and ensure the KB from the June 2025 Patch Tuesday is applied. Linux/Docker infra is not affected.
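An audit of the two mitigations above on a single Windows node, as an added example that is not part of the original finding. The function names are hypothetical and `$FixKb` is a placeholder, since the finding does not give the KB number.

```powershell
# Added example: check a Windows host for the mitigations named in this finding.
# Run in an elevated PowerShell session on the node being audited.

# Assumption: placeholder only. Take the real KB id for the node's OS build
# from Microsoft's advisory for CVE-2025-33073.
$FixKb = 'KB0000000'

function Get-SmbSigningPosture {
    # RequireSecuritySignature is what the Group Policy settings
    # "Microsoft network server/client: Digitally sign communications (always)" control.
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration
    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        ServerRequiresSigning = [bool]$server.RequireSecuritySignature
        ClientRequiresSigning = [bool]$client.RequireSecuritySignature
    }
}

function Test-FixInstalled {
    param([Parameter(Mandatory)][string]$KbId)
    # Get-HotFix raises an error when the id is absent, so suppress it and test for null.
    $null -ne (Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
}

$posture  = Get-SmbSigningPosture
$findings = @()
if (-not $posture.ServerRequiresSigning) { $findings += 'SMB server does not require signing' }
if (-not $posture.ClientRequiresSigning) { $findings += 'SMB client does not require signing' }
if (-not (Test-FixInstalled -KbId $FixKb)) {
    # A later cumulative update supersedes the June KB, so absence is not proof
    # of an unpatched host; confirm against the OS build number.
    $findings += "$FixKb not listed by Get-HotFix; verify OS build"
}

[pscustomobject]@{
    ComputerName = $posture.ComputerName
    Compliant    = ($findings.Count -eq 0)
    Findings     = $findings -join '; '
}

# Local remediation where Group Policy is not available (e.g. ephemeral build agents):
#   Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
#   Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
```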
Security Review
License: N/A (CVE advisory) | Maintenance: ACTIVE | Risk: LOW | Recommendation: USE_WITH_CAUTION
Tags
cve
windows
ntlm
smb
privilege-escalation
cisa-kev
poc-available
infra
patch-tuesday