CVE-2023-36025

Severity: HIGH · CISA KEV · Ransomware use

Windows SmartScreen - Privilege Escalation (title source: llm)

Exploitation Summary

CVE-2023-36025 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 14, 2023, with confirmed use in ransomware campaigns. EIP tracks 3 public exploits from researchers including ka7ana, coolman6942o, J466Y.

AI-analyzed exploit summary: This repository provides a description and context for CVE-2023-36025 but does not contain executable exploit code. It references a PoC demonstrated on Twitter and outlines requirements for hosting a malicious ZIP file accessible via a `file://` URL.

Description

Windows SmartScreen Security Feature Bypass Vulnerability

Exploits (3)

nomisec · WRITEUP · 13 stars
by ka7ana · poc
https://github.com/ka7ana/CVE-2023-36025

Classification: Writeup (90%)
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: unknown (likely Windows given file:// URL context)
Authentication: no auth needed
Prerequisites: Hosting a malicious ZIP file on an attacker-controlled server · Victim access to the ZIP via a `file://` URL
Analyzed by devstral-2 on Feb 16, 2026
nomisec · WORKING POC · 5 stars
by coolman6942o · local
https://github.com/coolman6942o/-EXPLOIT-CVE-2023-36025

This repository provides a proof-of-concept exploit for CVE-2023-36025, a Windows SmartScreen Security Feature Bypass Vulnerability. It includes instructions for setting up a reverse TCP handler using Metasploit to exploit the vulnerability.

Classification: Working PoC (80%)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Windows SmartScreen
Authentication: no auth needed
Prerequisites: Metasploit framework · Configured reverse TCP handler · Target machine with vulnerable Windows SmartScreen
Analyzed by devstral-2 on Feb 16, 2026

References (2)

Scores

CVSS v3: 8.8
EPSS: 0.8820
EPSS Percentile: 99.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC (Vulnrichment)

Exploitation: active
Automatable: no
Technical Impact: total

Details

CISA KEV: 2023-11-14
VulnCheck KEV: 2023-11-14
InTheWild.io: 2023-11-14
ENISA EUVD: EUVD-2023-40009
Ransomware Use: Confirmed
Status: published

Products (15)
microsoft/windows_10_1507 (2 CPE variants)
microsoft/windows_10_1607 (2 CPE variants)
microsoft/windows_10_1809 (3 CPE variants)
microsoft/windows_10_21h2 (3 CPE variants)
microsoft/windows_10_22h2 (3 CPE variants)
microsoft/windows_11_21h2 (2 CPE variants)
microsoft/windows_11_22h2 (2 CPE variants)
microsoft/windows_11_23h2 (2 CPE variants)
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1
... and 5 more

Published: Nov 14, 2023
KEV Added: Nov 14, 2023
Tracked Since: Feb 18, 2026