Process execution from webdav share

Intel Name: Process execution from webdav share

Date of Scan: June 16, 2025

Impact: Low

Summary:
Detects process executions with image paths beginning with WebDAV shares (`\\`), which may signal malicious activity involving remote file execution. Running processes from WebDAV paths can indicate lateral movement or exploitation attempts, particularly when the process isn’t a known legitimate application. Some exploits, such as CVE-2025-33053, involve executing payloads directly from WebDAV locations.
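The check described in the summary, as an added example (not the rule's own query): it classifies process image paths and reports those that run from a WebDAV share and are not allowlisted. It assumes the Windows WebDAV redirector path forms (`host@SSL`, `host@port`, `DavWWWRoot`); the event fields, hostnames and allowlist are constructed for illustration.

```python
import re

# Host part of a WebDAV redirector UNC path: host@SSL, host@8080, host@SSL@8443.
_DAV_HOST = re.compile(r"[^@\\]+(@ssl)?(@\d{1,5})?", re.IGNORECASE)

def classify_image_path(path):
    """Return 'webdav', 'unc' (other remote share) or 'local' for an image path."""
    p = path.strip().strip('"').replace("/", "\\")
    if not p.startswith("\\\\"):
        return "local"
    parts = p[2:].split("\\")
    if parts[0] in ("?", "."):
        # \\?\UNC\host\share\... is a long-path UNC; \\?\C:\... is a local device path.
        if len(parts) > 1 and parts[1].lower() == "unc":
            parts = parts[2:]
        else:
            return "local"
    host = parts[0] if parts else ""
    share = parts[1].lower() if len(parts) > 1 else ""
    dav_host = "@" in host and _DAV_HOST.fullmatch(host) is not None
    return "webdav" if dav_host or share == "davwwwroot" else "unc"

def webdav_executions(events, allowlist=frozenset()):
    """Return events whose image runs from a WebDAV share and is not allowlisted."""
    hits = []
    for ev in events:
        image = ev["image"]
        if classify_image_path(image) == "webdav" and image.lower() not in allowlist:
            hits.append(ev)
    return hits

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\notepad.exe"},
    {"host": "ws01", "image": r"\\files.example.test\tools\setup.exe"},
    {"host": "ws02", "image": r"\\dav.example.test@SSL\DavWWWRoot\docs\viewer.exe"},
    {"host": "ws03", "image": r"\\dav.example.test@8080\share\update.exe"},
    {"host": "ws03", "image": r"\\?\UNC\dav.example.test@SSL@8443\pub\tool.exe"},
    {"host": "ws04", "image": r"\\?\C:\Program Files\App\app.exe"},
    {"host": "ws05", "image": r"\\intranet.example.test@SSL\DavWWWRoot\apps\approved.exe"},
]
# Hypothetical allowlist of known-good WebDAV-hosted images (full path, lowercase).
ALLOWLIST = frozenset({r"\\intranet.example.test@ssl\davwwwroot\apps\approved.exe"})

if __name__ == "__main__":
    for ev in webdav_executions(SAMPLE_EVENTS, ALLOWLIST):
        print(ev["host"], ev["image"])
```

Plain SMB shares and `\\?\` local device paths also begin with `\\`, so the classifier separates them from WebDAV paths instead of matching on the prefix alone.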
