module
CVE-2025-33053 Exploit via Malicious .URL File and WebDAV
| Disclosed | Created |
|---|---|
| Jun 11, 2025 | Jun 29, 2025 |
Disclosed
Jun 11, 2025
Created
Jun 29, 2025
Description
This module exploits CVE-2025-33053 by generating a malicious .URL file pointing
to a trusted LOLBAS binary with parameters designed to trigger unintended behavior.
Optionally, a payload is generated and hosted on a specified WebDAV directory.
When the victim opens the shortcut, it will attempt to access the WebDAV path,
potentially resulting in remote code execution via a trusted binary.
to a trusted LOLBAS binary with parameters designed to trigger unintended behavior.
Optionally, a payload is generated and hosted on a specified WebDAV directory.
When the victim opens the shortcut, it will attempt to access the WebDAV path,
potentially resulting in remote code execution via a trusted binary.
Authors
Alexandra Gofman
David Driker
Dev Bui Hieu
David Driker
Dev Bui Hieu
Platform
Windows
Architectures
x64, x86, aarch64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.