Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2025-33053 | Microsoft Windows External Control of File Name or Path Vulnerability | exploitation_technique | T1566.001 | Spearphishing Attachment | By manipulating the working directory of Windows processes, attackers can utilize these valid processes and trick them into running arbitrary code from a WebDAV server. This has been done by using a phishing email with a malicious PDF document attached, leading to code execution, the creation of backdoors, the introduction of a keylogger onto the system, and data exfiltration via C2. |
CVE-2025-33053 | Microsoft Windows External Control of File Name or Path Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | By manipulating the working directory of Windows processes, attackers can utilize these valid processes and trick them into running arbitrary code from a WebDAV server. This has been done by using a phishing email with a malicious PDF document attached, leading to code execution, the creation of backdoors, the introduction of a keylogger onto the system, and data exfiltration via C2. |
CVE-2025-33053 | Microsoft Windows External Control of File Name or Path Vulnerability | secondary_impact | T1056.001 | Keylogging | By manipulating the working directory of Windows processes, attackers can utilize these valid processes and trick them into running arbitrary code from a WebDAV server. This has been done by using a phishing email with a malicious PDF document attached, leading to code execution, the creation of backdoors, the introduction of a keylogger onto the system, and data exfiltration via C2. |
CVE-2025-33053 | Microsoft Windows External Control of File Name or Path Vulnerability | secondary_impact | T1041 | Exfiltration Over C2 Channel | By manipulating the working directory of Windows processes, attackers can utilize these valid processes and trick them into running arbitrary code from a WebDAV server. This has been done by using a phishing email with a malicious PDF document attached, leading to code execution, the creation of backdoors, the introduction of a keylogger onto the system, and data exfiltration via C2. |
CVE-2025-33053 | Microsoft Windows External Control of File Name or Path Vulnerability | secondary_impact | T1543 | Create or Modify System Process | By manipulating the working directory of Windows processes, attackers can utilize these valid processes and trick them into running arbitrary code from a WebDAV server. This has been done by using a phishing email with a malicious PDF document attached, leading to code execution, the creation of backdoors, the introduction of a keylogger onto the system, and data exfiltration via C2. |