CVE-2025-24054

Published Mar 11, 2025

Last updated 24 days ago

CVSS medium 6.5

Overview

Description
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
Source
secure@microsoft.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

secure@microsoft.com
CWE-73

Social media

Hype score
Not currently trending

  1. 🔴 Red Team Exercise #1 – CVE-2025-24054 Critical vuln in Windows Explorer: extracting a .library-ms with \\IP\test path from a .rar triggers an SMB auth → NTLM hash leak. Use Responder / Impacket → relay or offline cracking. #redteam #hacking #infosecurity https://t.co/XvO2EG

    @EthanLacerenza

    28 Mar 2025

    53 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References