The Reflective Kerberos Relay Attack (CVE-2025-33073) exploits a vulnerability in Windows environments to escalate privileges to SYSTEM level by bypassing NTLM protections using Kerberos. Discovered by RedTeam Pentesting in early 2025, this attack affects all unpatched Windows versions, highlighting a significant ongoing threat. #CVE-2025-33073 #KerberosRelay #PrivilegeEscalation #RedTeamPentesting
Keypoints
- The Reflective Kerberos Relay Attack allows privilege escalation in Windows systems by exploiting Kerberos authentication.
- Discovered in early 2025 by RedTeam Pentesting, the vulnerability is tracked under CVE-2025-33073.
- The attack bypasses NTLM reflection protections by coercing authentication via SMB and relaying Kerberos tickets.
- A successful exploitation can lead to SYSTEM-level command execution on targeted Windows hosts.
- The vulnerability affects all unpatched Windows versions, including Windows 10, 11, and Server 2019-2025.