July “In the Trend of VM” (#17): vulnerabilities in Microsoft Windows and Roundcube. A traditional monthly roundup. This time, it’s a very short one. 🙂
🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)
Only three trending vulnerabilities:
🔻 Remote Code Execution – Internet Shortcut Files (CVE-2025-33053)
🔻 Elevation of Privilege – Windows SMB Client (CVE-2025-33073)
🔻 Remote Code Execution – Roundcube (CVE-2025-49113)
About Remote Code Execution – Internet Shortcut Files (CVE-2025-33053) vulnerability. A vulnerability from the June Microsoft Patch Tuesday. This vulnerability immediately showed signs of exploitation in the wild. This flaw allows a remote attacker to execute arbitrary code when a victim opens a specially crafted .url file, delivered, for example, through a phishing attack.
🔹 The vulnerability was reported by Check Point researchers. On June 10, the day of Microsoft’s June Patch Tuesday, they published technical details on their website. The vulnerability had been exploited by the APT group Stealth Falcon since at least March 2025. The exploitation led to the download and execution of malware (Horus Agent) from the attacker’s WebDAV server.
🔹 Exploits for this vulnerability have been available on GitHub since June 12.
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.