What makes CVE-2025-33053 particularly dangerous compared to other vulnerabilities?

CVE-2025-33053 is actively being exploited in the wild, meaning attackers are already using it in real-world attacks. It leverages .URL shortcut files that link to WebDAV servers to execute code, and Microsoft has confirmed exploit activity, making it a high-priority patch.

Should I be concerned about the Office 365 preview pane vulnerabilities if patches aren't available yet?

While the preview pane vulnerabilities are serious because they can trigger without user interaction, there are currently no known exploits in the wild. However, you should monitor for patch availability and consider disabling preview pane functionality as a temporary mitigation until Microsoft releases updates for the Office client.

June 2025 Patch Tuesday: Exploited WebDAV Flaw & Office Risks

Name: June 2025 Patch Tuesday: Exploited WebDAV Flaw & Office Risks
Uploaded: 2026-05-12T20:28:39-04:00
Duration: 1 min 43 s
Description: Tyler Reguly breaks down the key highlights from June’s Patch Tuesday: * CVE-2025-33053: Actively exploited vulnerability involving .url shortcut files and WebDAV. * Office 365 Preview Pane Risks: Multiple vulnerabilities could trigger on email open, b...

Fortra

05/12/2026

0 (0%)

Report Like Favorite

TL;DR

CVE-2025-33053 is actively exploited in the wild, involving malicious .URL shortcut files that link to WebDAV servers to achieve code execution—immediate patching is critical.
Four Microsoft Office 365 vulnerabilities are preview pane-affected, meaning exploits could trigger automatically when emails are opened without any user interaction required.
Microsoft 365 Office client patches are not yet available for the preview pane vulnerabilities, though no active exploits currently exist, creating a window of exposure to monitor.

Summary

Tyler Reguly, Associate Director of Security R&D at Fortra, provides a focused analysis of June 2025's Microsoft Patch Tuesday, highlighting two critical areas requiring immediate attention from security teams. The briefing covers an actively exploited vulnerability involving .URL shortcut files and WebDAV servers (CVE-2025-33053), which has been documented by Checkpoint researchers and requires urgent patching. Additionally, Reguly addresses four Microsoft Office 365 vulnerabilities that are preview pane-affected, meaning they could execute without user interaction when emails are opened. Notably, patches for the Microsoft 365 Office client are not yet available, creating a temporary exposure window that defenders should monitor. This concise update helps security practitioners prioritize their patching efforts for the month and understand the specific risks associated with each vulnerability class.

Chapters

0:00 - Introduction
0:13 - CVE-2025-33053 Actively Exploited
0:45 - Office 365 Preview Pane Vulnerabilities
1:34 - Closing

Key Quotes

0:18 "This is the one CVE that Microsoft listed as exploit detected."
0:30 "... a .URL shortcut file that links to a WebDAV server and allows for code execution."
1:06 "... if your preview is turned on, the exploit has a chance to run immediately without any interaction from you."

Categories:

» Data Protection

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

05/12/2026

11:30 PM

05/12/2026

Implementing Effective Strategies for Active Directory Security and Data Protection

https://www.truthinit.com/index.php/channel/1888/implementing-effective-strategies-for-active-directory-security-and-data-protection/
05/13/2026

01:00 AM

05/13/2026

Transforming the Black Box: Reveal Hidden Threats and AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-black-box-reveal-hidden-threats-and-ai-risks-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Transforming the Black Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1894/transforming-the-black-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/19/2026

01:00 PM

05/19/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Deployment Phases

https://www.truthinit.com/index.php/channel/1936/establishing-a-robust-ai-governance-framework-for-genai-throughout-deployment-phases/
05/20/2026

08:00 AM

05/20/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Its Lifecycle

https://www.truthinit.com/index.php/channel/1937/establishing-a-robust-ai-governance-framework-for-genai-throughout-its-lifecycle/
05/20/2026

10:00 PM

05/20/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Its Lifecycle

https://www.truthinit.com/index.php/channel/1953/establishing-a-robust-ai-governance-framework-for-genai-throughout-its-lifecycle/
05/21/2026

11:00 AM

05/21/2026

The Autonomous Era: Orchestrating a Resilient Enterprise

https://www.truthinit.com/index.php/channel/1372/the-autonomous-era-orchestrating-a-resilient-enterprise/
05/27/2026

04:00 AM

05/27/2026

Rivoluziona i rischi dell'AI in opportunità con Netskope AI Security

https://www.truthinit.com/index.php/channel/1925/rivoluziona-i-rischi-dellai-in-opportunità-con-netskope-ai-security/
05/27/2026

10:00 AM

05/27/2026

Adopting AI: From Illusion to Intentional Control

https://www.truthinit.com/index.php/channel/1924/harnessing-ai-transitioning-from-illusion-to-purposeful-mastery/
05/28/2026

01:00 PM

05/28/2026

Harnessing AI for Smaller Teams: Strategies for Secure Implementation

https://www.truthinit.com/index.php/channel/1951/harnessing-ai-for-smaller-teams-strategies-for-secure-implementation/
06/02/2026

01:00 PM

06/02/2026

Spring of Satori: Delving into Recent Findings and the 2026 Threat Landscape

https://www.truthinit.com/index.php/channel/1930/spring-of-satori-delving-into-recent-findings-and-the-2026-threat-landscape/
06/04/2026

02:00 AM

06/04/2026

Mastering the Unseen: Managing Shadow AI and Agentic MCP Traffic

https://www.truthinit.com/index.php/channel/1948/mastering-the-unseen-managing-shadow-ai-and-agentic-mcp-traffic/
06/16/2026

07:00 AM

06/16/2026

Transforming Data Risk into Actionable Priorities: Essential Fixes First

https://www.truthinit.com/index.php/channel/1952/transforming-data-risk-into-actionable-priorities-essential-fixes-first/