AI description
CVE-2025-24054 is a vulnerability in Windows NTLM that involves external control of the file name or path, potentially allowing an unauthorized attacker to perform spoofing over a network. The vulnerability can be exploited using a maliciously crafted .library-ms file. Active exploitation of CVE-2025-24054 has been observed in the wild since March 19, 2025. Attackers can potentially leak NTLM hashes or user passwords, compromising systems. Exploitation can be triggered with minimal user interaction, such as right-clicking, dragging and dropping, or simply navigating to a folder containing the malicious file.
- Description
- External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.5
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability
- Exploit added on
- Apr 17, 2025
- Exploit action due
- May 8, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-73
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
8
Windows flaw CVE-2025-24054 actively exploited since March 19 to leak NTLM hashes via phishing attacks. Learn more: https://t.co/cz7ZuKOAmI #phishing #attacks #windows
@thehlayer
25 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Windows users: CVE-2025-24054 is being actively exploited! Just viewing a malicious file can leak your credentials—no clicks needed. Find out how to protect your network now before it’s too late! 🔒 #CyberSecurityAlert https://t.co/pSWhsNhS5H
@cheinyeanlim
25 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We added the following vulnerabilities to our feed: - UNDISCLOSED: Microsoft Management Console - CVE-2025-24054: Windows File Explorer NTLM Leak - CVE-2025-24985: Windows FAT DoS - CVE-2023-36205: Zemana AntiMalware LPE - CVE-2021-21551: Dell Driver LPE https://t.co/iKW6swSCtZ
@crowdfense
24 Apr 2025
2079 Impressions
6 Retweets
14 Likes
8 Bookmarks
0 Replies
0 Quotes
In this week’s episode of “The Weekly Purple Team,” we deep-dive into CVE-2025-24054, which can be exploited by unzipping or touching a library-ms file. Threat actors have actively used this exploit, which is pretty novel. Check it out! https://t.co/1LiKwM1LbR
@BriPwn
24 Apr 2025
357 Impressions
2 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24054
@transilienceai
24 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
ALERTA DE SEGURIDAD CRÍTICA en Windows! Robo de Credenciales NTLM 'Zero-Click' CVE-2025-24054 Explicada: Esta falla permite la captura silenciosa de hashes NTLMv2 cuando un usuario simplemente descarga un archivo malicioso que referencia un recurso remoto. https://t.co/XOfQzYA2u
@AlexCalvillo_SI
22 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24054
@transilienceai
22 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
【悲報】マイクロソフトさんが「悪用の可能性は低い」とした脆弱性、開示から8日で悪用されてしまう。NTLMハッシュ漏洩の脆弱性CVE-2025-24054。Check Point社報告。Dropboxでホストされた悪性.library-ms入りZIPがフィッシングメールで使用された。 https://t.co/GLxRAOanbn
@__kokumoto
22 Apr 2025
6528 Impressions
55 Retweets
127 Likes
34 Bookmarks
0 Replies
2 Quotes
🛑 Windows : cet exploit NTLM est utilisé pour cibler entreprises et gouvernements 🔎 L'exploitation de la CVE-2025-24054 repose sur l'utilisation de fichiers .library-ms malveillants 👉 Plus d'infos : https://t.co/peTQcPvqp2 #phishing #windows #infosec https://t.co/peTQcPvqp2
@ITConnect_fr
22 Apr 2025
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’un NTLM Açığı (CVE-2025-24054)! Aktif Olarak İstismar Ediliyor https://t.co/yLKjqtOQxS https://t.co/VGJifHtmlU
@cozumpark
22 Apr 2025
186 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
@Microsoft said initially a low vulnerability CVE-2025-24054 , #hackers see this as a major vulnerability; NTLM Hash spoofing https://t.co/ezJSGgQepx
@PeterJopling
22 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2025 Bug Bounties! Hunt: CVE-2025-30406: Gladinet key CVE-2025-29824: Windows EoP CVE-2025-24054: NTLM theft CVE-2025-24813: Tomcat bug CVE-2025-32433: SSH RCE Burp, Amass. Big bounties! Get Bug Bounty Guide 2025! #BugBounty #VulnHunting2025 https://t.co/tin4q4LnYa
@Viper_Droidd
21 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-24054 #Microsoft #Windows NTLM Hash Disclosure Spoofing Vulnerability https://t.co/ZiNAYXy7uW
@ScyScan
21 Apr 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #NTLM exploited, again. CVE-2025-24054 shows why @Microsoft is urging a move to #Kerberos. Visuality Systems offers secure, Kerberos-ready #SMBprotocol libraries to support your transition. https://t.co/UtkY1sAVaY
@Visuality_NQ
21 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24054
@transilienceai
21 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-24054 is now under active attack. Threat actors are using malicious .library-ms files to steal NTLM hashes with minimal user interaction — sometimes just by downloading a file. Legacy protocols = easy targets. Patch now. #CyberSecurity #CVE202524054 https://t.co/VNSIVA4N
@Shift6Security
21 Apr 2025
36 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-24054 Under Active Attack: Stealing NTLM Credentials during File download #technewsy #technews #cybersecuritynews https://t.co/FcDwwWParT
@RamananTechPro
21 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#AlertaSeguridad #AlertaInformática Alerta en Windows: vulnerabilidad NTLM (CVE-2025-24054) explotada para robo de hashes https://t.co/rHguvmkfqc
@sinelo1968
20 Apr 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
حملات فعال به CVE-2025-24054: سرقت هشهای NTLM هنگام دانلود فایل #Cybersecurity #Cybersecurity_News #اخبار_امنیت_سایبری #CVE_2024_43451 #CVE_2025_24054 #مایکروسافت #Microsoft #NTLM https://t.co/dVnNpRDvrL
@vulnerbyte
20 Apr 2025
62 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24054 : Under Active Attack Steals NTLM Credentials on File Download https://t.co/F5D5gzwu5y
@freedomhack101
20 Apr 2025
40 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24054
@transilienceai
20 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Windows-Sicherheitslücke CVE-2025-24054 wird aktiv ausgenutzt. Schon das Herunterladen oder Navigieren zu präparierten .library-ms-Dateien kann NTLM-Passwort-Hashes stehlen. #Windows #Cybersecurity https://t.co/DM0xwV7aDv
@WinFuture
20 Apr 2025
302 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Unmasking CVE-2025-24054: The Cyber Threat in Action! https://t.co/df8zuUGjel https://t.co/XFiUvTbV1a
@wavasec
20 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚫أحدث أخبار الأمن السيبراني لهذا اليوم : تهديدات جديدة، تحديثات مهمة، وتقنيات متقدمة 1.ثغرة CVE-2025-24054تحت الهجوم النشط وكالة الأمن السيبراني الأمريكية تحذر من استغلال ثغرة جديدة في Windows تُستخدم لاستخراج بيانات NTLM عند تنزيل الملفات يجب تحديث الأنظمة المتأثرة على الفور
@1CyberSBot
20 Apr 2025
497 Impressions
0 Retweets
6 Likes
2 Bookmarks
1 Reply
0 Quotes
CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download https://t.co/GduCOUdYaY
@_iTs_sUb_
20 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Alerta en #Windows: #vulnerabilidad NTLM (CVE-2025-24054) explotada para robo de hashes https://t.co/L4ODgq5GdZ
@ethhack
20 Apr 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#muddywater CVE-2025-24054 https://t.co/GlVDUbpdiV
@blackorbird
20 Apr 2025
4385 Impressions
12 Retweets
40 Likes
12 Bookmarks
0 Replies
0 Quotes
CVE-2025-24054 is under active exploitation, allowing NTLMv2 hash theft via malicious .library-ms files. Minimal user interaction, like viewing the file, can trigger the exploit. https://t.co/qWisb6QSr5 #CyberSecurity #WindowsVulnerability #CVE202524054Daily CyberSecurity+7
@CybersecSntl
19 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned CVE-2025-24054 (CVSS score: 6.5). https://t.co/RHyPres5FV https://t.co/XH
@riskigy
19 Apr 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download https://t.co/RHVX6P0zi8
@matrixcyberlabs
19 Apr 2025
33 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24054
@transilienceai
19 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Alerta en Windows: vulnerabilidad NTLM (CVE-2025-24054) explotada para robo de hashes https://t.co/tH2hEwTofh
@unaaldia
19 Apr 2025
555 Impressions
6 Retweets
8 Likes
6 Bookmarks
0 Replies
0 Quotes
🔐 CVE-2025-24054 Windows Vulnerability Under Active Attack – Protect Your NTLM Credentials Now! https://t.co/2qcbwBgRzb https://t.co/7f7UfBBtS7
@AsmaJiniya52642
19 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
•CVE-2025-24054 is now under active exploitation.• Attackers are leveraging malicious .library-ms files to capture NTLM hashes with minimal user interaction. CISA has listed it in the Known Exploited Vulnerabilities catalog. •Ensure your systems are patched immediately. https:
@redfoxsec
19 Apr 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24054
@transilienceai
18 Apr 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A Windows vulnerability, CVE-2025-24054, exposing NTLM hashes via .library-ms files, is being exploited in phishing attacks targeting government entities and private companies. https://t.co/jBy1cZVWUq
@securityRSS
18 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24054, an NTLM hash disclosure vulnerability in Windows, is under active attack. Organizations must patch promptly to prevent exploitation. #CyberSecurity #WindowsVulnerability #NTLM https://t.co/oXm6blTFMR
@dailytechonx
18 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability (CVE-2025-24054) #CVE202524054 #CyberSecurity #Microsoft #MicrosoftWindows #NTLM https://t.co/K8IJWPdSBC https://t.co/tMhTijquer
@SystemTek_UK
18 Apr 2025
54 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
La #vulnerabilidad CVE-2025-24054 se encuentra bajo ataque activo, permitiendo el robo de credenciales #NTLM a través de la descarga de archivos https://t.co/QrNo4N22og
@Masterhacks_net
18 Apr 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New Windows NTLM vulnerability (CVE-2025-24054) exploited in attacks on government and private institutions. Apply March 2025 patches and enhance security measures. #CyberSecurity #WindowsVulnerability https://t.co/s3o2dJDawp
@dailytechonx
18 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-24054 is now actively exploited — and it only takes a single click to leak your NTLM credentials. No file execution. Just previewing a .library-ms file is enough. 👇 https://t.co/dDvqJZo5Av
@efani
18 Apr 2025
259 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-24054: A critical NTLM spoofing flaw in Windows is being actively exploited. No auth needed — attackers just need to be on the same network. Patch now! Details 👇 🔗 https://t.co/Qgquws3qZz #CyberSecurity #CVE202524054 #Windows #InfoSec #CISA #PatchNow
@threatsbank
18 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Windows Flaw Exploited to Steal NTLM Hashes Hackers are actively exploiting a patched Windows vulnerability (CVE-2025-24054) involving .library-ms files to steal user NTLM hashes. Update now! https://t.co/LkHGsw6NvG
@the_yellow_fall
18 Apr 2025
1000 Impressions
11 Retweets
37 Likes
4 Bookmarks
0 Replies
0 Quotes
Vulnerabilidad NTLM de Windows explotada en ataques de phishing (CVE-2025-24054) https://t.co/0k1VE9gPeC
@SeguInfo
18 Apr 2025
1343 Impressions
6 Retweets
15 Likes
10 Bookmarks
1 Reply
1 Quote
⚠️ Windows NTLM Flaw Exploited in Gov’t Phishing Attacks CVE-2025-24054 leaks NTLM hashes via malicious .library-ms files—linked to APT28. Patch ASAP & watch auth logs! https://t.co/TgRKFzq29E #cybersecurity #Windows #APT28
@dCypherIO
18 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert: CVE-2025-24054 in Microsoft Windows is under active attack, allowing NTLM credential theft with minimal user action. Immediate patching is advised! #WindowsSecurity #NTLM #USA link: https://t.co/ea9gvEi9bU https://t.co/Q5jz4A8sU4
@TweetThreatNews
18 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24054 e lo sfruttamento attivo di NTLM: vulnerabilità silenziose in Windows Sicurezza Informatica, .library-ms, attack 2025, CVE-2024-43451, CVE-2025-24054, disclosure, NTLM, NTLMv2, pass-the-hash, path vulnerability, PHISHING, SMB relay, spoofi… https://t.co/zgdhKuYCol
@matricedigitale
18 Apr 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗞️ Windows NTLM Hash Leak Vulnerability Exploited in Phishing Attacks Targeting Governments A Windows flaw (CVE-2025-24054) leaking NTLM hashes via .library-ms files is being exploited in phishing campaigns targeting governments in Poland and Romania. Patched in March 2025, htt
@gossy_84
18 Apr 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-24054 added to CISA’s KEV list—actively exploited Windows flaw leaking NTLM hashes via file downloads. Patch ASAP! 🔐 Details: https://t.co/MYrNcf675C #CyberSecurity #CVE202524054 https://t.co/MYrNcf675C
@SalvadorCloud
18 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Windows NTLM Flaw (CVE-2025-24054) under attack! Hackers exploit it to steal credentials via phishing & malicious .library-ms files. Patched Mar 11, 2025, but campaigns hit globally since Mar 19. Patch NOW, restrict NTLM, & avoid unknown files! 🔒#Cybersecurity #Windows
@SecurEpitome
18 Apr 2025
7 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "714C0D5E-BE31-45AB-A729-FF55DE59F593",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0C8B2D45-7059-4FA0-A46C-64A171D287DA",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "5569800D-B907-47CC-86D2-EC0118157916",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "A84E706C-3A65-4920-8F80-2A684D3CB110",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "ED157557-37C1-4802-8746-B87120BA16FA",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "BE8F0EF2-EED3-4791-AE26-D24D97B673D6",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "C8949B3E-5847-42F8-A15A-D7515F0EE305",
"versionEndExcluding": "10.0.22621.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "84D4F97D-3BA2-4B7A-B650-5772DE49CE97",
"versionEndExcluding": "10.0.22621.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "82807292-1736-4453-B805-3D471BF94A35",
"versionEndExcluding": "10.0.22631.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E19130AD-ECD6-4FC4-B2C8-AB058BDEF928",
"versionEndExcluding": "10.0.22631.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "B7ADF37E-1DD3-4539-8922-1E059955FEF1",
"versionEndExcluding": "10.0.26100.3403"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E0A74D52-ABC0-4733-B892-F8688B6AEBA7",
"versionEndExcluding": "10.0.26100.3403"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7610CDB-A02B-4C62-B17F-6DCE2B3DE4F0",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D271422D-A29F-4DBF-BF72-BCD90E393A5A",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAACC9C4-DDC5-4059-AFE3-A49DB2347A86",
"versionEndExcluding": "10.0.20348.3270"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF423F8C-2E8A-46AB-BB2D-C416BF341F92",
"versionEndExcluding": "10.0.25398.1486"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF81B44C-8FF7-4C61-9974-3F98DA9D492C",
"versionEndExcluding": "10.0.26100.3403"
}
],
"operator": "OR"
}
]
}
]