AI description
CVE-2025-24071 involves the exposure of sensitive information in Windows File Explorer, potentially allowing an attacker to perform spoofing over a network. This vulnerability arises from how Windows Explorer handles specially crafted .library-ms files within RAR/ZIP archives. When such an archive is extracted, Windows Explorer automatically parses the .library-ms file due to its indexing and preview mechanisms. If the .library-ms file contains a SimpleLocation tag pointing to an attacker-controlled SMB server, Windows Explorer attempts to resolve this path, triggering an NTLM authentication handshake and potentially sending the victim's NTLMv2 hash without explicit user interaction. This implicit trust and automatic processing of certain file types upon extraction can be exploited to leak credentials.
- Description
- Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- Source
- secure@microsoft.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- secure@microsoft.com
- CWE-200
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
3
Reported to MSRC on June 29, 2018, Case CRM: 0461055432 and was told "the risk was not severe enough" @msftsecresponse will I get credit for CVE-2025-24071 for my original discovery report? https://t.co/VXdc9V44EN https://t.co/UqmYgD4lAp @0x6rss #CVE-2025-24071
@hyp3rlinx
22 Mar 2025
8518 Impressions
9 Retweets
37 Likes
17 Bookmarks
2 Replies
0 Quotes
Una vulnerabilidad crítica en el Explorador de archivos de Windows , identificada como CVE-2025-24071, permite a los atacantes robar contraseñas con hash NTLM sin ninguna interacción del usuario más allá de simplemente extraer un archivo comprimido. https://t.co/mEYXrTNJkg https:
@ohbrient
21 Mar 2025
24 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24071: Windows Explorer initiates an SMB authentication request upon extracting a .library-ms file from a .rar archive, exposing NTLM hashes. Extraction alone triggers the vulnerability. https://t.co/8soaMAFt7n
@hack_sparo
21 Mar 2025
22349 Impressions
91 Retweets
498 Likes
247 Bookmarks
4 Replies
1 Quote
CVE-2025-24071 POC Exploit released for Microsoft Flaw #microsoft #CVE-2025-24071 https://t.co/KxDpdddac2
@pravin_karthik
21 Mar 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windowsのファイルエクスプローラーの脆弱性(CVE-2025-24071)により、特別に細工されたアーカイブを解凍するとNTLMハッシュが漏洩する可能性がある。 Microsoftは2025年3月の月例パッチでこの問題を修正済み。 https://t.co/Qv0u8YJ5CI
@01ra66it
20 Mar 2025
1180 Impressions
5 Retweets
23 Likes
5 Bookmarks
0 Replies
0 Quotes
PoC Released: Windows Explorer CVE-2025-24071 Vulnerability Exposes NTLM Hashes https://t.co/qc4hi0AHeR
@Dinosn
20 Mar 2025
14421 Impressions
100 Retweets
324 Likes
135 Bookmarks
3 Replies
0 Quotes
VULNERABILIDAD DE SUPLANTACIÓN EN EL EXPLORADOR DE ARCHIVOS DE MICROSOFT WINDOWS (CVE-2025-24071) *La Noticia completa en nuestra Página Oficial https://t.co/x51LpW0QRp https://t.co/VsbUuY0XRS
@mostradorwebcom
19 Mar 2025
22 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
[Blog] Vulnerabilidad de suplantación en el Explorador de Archivos de Microsoft Windows (CVE-2025-24071) https://t.co/TEpRyuaA7y
@elhackernet
19 Mar 2025
2556 Impressions
8 Retweets
16 Likes
5 Bookmarks
0 Replies
0 Quotes
GitHub - 0x6rss/CVE-2025-24071_PoC: CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File https://t.co/QENoRT3GC5
@akaclandestine
18 Mar 2025
2872 Impressions
15 Retweets
81 Likes
34 Bookmarks
0 Replies
1 Quote
CVE-2025-24071> Windows Explorer automatically initiates an SMB authentication request when a .library-ms file is extracted from a .rar archive, leading to NTLM hash disclosure. The user does not need to open or execute the file... https://t.co/d1myefHndw
@cyber_advising
18 Mar 2025
20854 Impressions
106 Retweets
346 Likes
193 Bookmarks
4 Replies
0 Quotes
🚨 CVE-2025-24071 Vulnerabilidad de suplantación en el Explorador de Archivos de Microsoft Windows. ⚠️Estado⚠️: Parcheada ✅ 🔗 Blog post: https://t.co/nsz1lmHRCz 🔗 PoC: https://t.co/LYKt2uQpOO #Ciberseguridad #Windows #Vulnerabilidad #CVE202524071
@Cyph3R_CyberSec
18 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - 0x6rss/CVE-2025-24071_PoC: CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File - https://t.co/7axtCRjLnD
@piedpiper1616
18 Mar 2025
7360 Impressions
63 Retweets
176 Likes
84 Bookmarks
0 Replies
0 Quotes
CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability Check out the new security vulnerability I discovered in Windows, which I believe is potentially being sold in the wild. (fixed patch tuesday) Blog post: https://t.co/kFWnAZbsvR PoC: https://t.co/7n1nfU6HJv ht
@0x6rss
18 Mar 2025
18179 Impressions
101 Retweets
420 Likes
244 Bookmarks
0 Replies
2 Quotes
🚨 CVE-2025-24071 🔴 HIGH (7.5) 🏢 Microsoft - Windows 10 Version 1809 🏗️ 10.0.17763.0 🔗 https://t.co/wHKunzLEGr #CyberCron #VulnAlert #InfoSec https://t.co/qzhwz75gzT
@cybercronai
13 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24071 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. https://t.co/1M4l5DmgVf
@CVEnew
11 Mar 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes