AI description
CVE-2025-24071 involves the exposure of sensitive information in Windows File Explorer, potentially allowing an attacker to perform spoofing over a network. This vulnerability arises from how Windows Explorer handles specially crafted .library-ms files within RAR/ZIP archives. When such an archive is extracted, Windows Explorer automatically parses the .library-ms file due to its indexing and preview mechanisms. If the .library-ms file contains a SimpleLocation tag pointing to an attacker-controlled SMB server, Windows Explorer attempts to resolve this path, triggering an NTLM authentication handshake and potentially sending the victim's NTLMv2 hash without explicit user interaction. This implicit trust and automatic processing of certain file types upon extraction can be exploited to leak credentials.
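A defender-side check for the pattern described above, as an added example that is not part of the original page or any vendor's code: it scans a ZIP archive before extraction for .library-ms members whose location points at a remote host. RAR is not covered because the Python standard library cannot read it. The `<url>` child element of the location tag, the function names and the constructed sample archive are assumptions of this example.

```python
import io
import re
import zipfile

# Assumption: the location is carried in a <url> element inside the location tag.
URL_RE = re.compile(r"<url>\s*(.*?)\s*</url>", re.IGNORECASE | re.DOTALL)
MAX_MEMBER_BYTES = 1 << 20  # library files are small; cap reads against zip bombs

def is_remote(location: str) -> bool:
    """True for UNC paths and file:// URLs that name a host."""
    loc = location.strip().replace("/", "\\").lower()
    if loc.startswith("file:"):
        loc = loc[len("file:"):]
    if loc.startswith("\\\\?\\unc\\"):  # extended-length UNC form
        return True
    # \\host\share is remote; \\?\C:\ and \\.\ are local device paths
    return loc.startswith("\\\\") and len(loc) > 2 and loc[2] not in "\\?."

def decode(raw: bytes) -> str:
    """Decode member bytes, honouring a UTF-16 byte-order mark if present."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")

def scan_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, location) for each remote location found."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".library-ms"):
                continue
            with zf.open(info) as fh:
                text = decode(fh.read(MAX_MEMBER_BYTES))
            for loc in URL_RE.findall(text):
                if is_remote(loc):
                    findings.append((info.filename, loc))
    return findings

def build_sample() -> bytes:
    """Constructed test archive; 192.0.2.10 is a documentation address."""
    remote = "<simpleLocation><url>\\\\192.0.2.10\\share</url></simpleLocation>"
    local = "<simpleLocation><url>C:\\Users\\Public\\Documents</url></simpleLocation>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/report.library-ms", remote)
        zf.writestr("docs/local.library-ms", local)
        zf.writestr("readme.txt", remote)  # wrong extension, must be ignored
    return buf.getvalue()
```

A non-empty result from `scan_zip` is a reason to quarantine the archive rather than extract it on a workstation that can reach SMB hosts outside the network.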
- Description
- Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- Source
- secure@microsoft.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- secure@microsoft.com
- CWE-200
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
3
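Multiple vulnerabilities related to Windows NTLM authentication (CVE-2025-21377, CVE-2025-21217, CVE-2025-24071) have been reported. They carry a risk of NTLM hash leakage and authentication bypass; prompt patching and restricting the use of NTLM are recommended. https://t.co/wQx6P6jMPN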
@01ra66it
16 Apr 2025
874 Impressions
5 Retweets
15 Likes
1 Bookmark
0 Replies
0 Quotes
EncryptHub's double life: cybercriminal versus Windows bug bounty researcher (CVE-2025-24061, CVE-2025-24071) https://t.co/P85bmF70j3 #security #セキュリティ #ニュース
@SecureShield_
7 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Credits Hacker 'EncryptHub' for Discovering Critical Windows Flaws In a surprising move, Microsoft has publicly credited the hacker known as "EncryptHub" for responsibly disclosing two high-severity Windows vulnerabilities—CVE-2025-24061 and CVE-2025-24071—both patched
@ChbibAnas
7 Apr 2025
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
👀 Microsoft Credits EncryptHub — the Hacker Behind 618+ Breaches — for Disclosing Windows Flaws. 👀 In March 2025, EncryptHub reported 2 critical bugs (CVE-2025-24061 & CVE-2025-24071). Weeks later, he exploited a zero-day (CVE-2025-26633), hitting hundreds of targets usin
@TheHackersNews
5 Apr 2025
13527 Impressions
35 Retweets
80 Likes
15 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24071
@transilienceai
2 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24071
@transilienceai
2 Apr 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 SECURITY ALERT: CVE-2025-24071 - Spoofing in Windows File Explorer 🚨 A vulnerability has been identified in Windows Explorer that allows unauthenticated attackers to capture NTLM hashes. https://t.co/tSKNwKR90m
@BanCERT_gt
26 Mar 2025
12 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Understanding and Mitigating the CVE-2025-24071 Vulnerability in Windows https://t.co/EM8K1itkFY #cve202524071 #windowsvulnerability #ntlm #cybersecurity #patchmanagement
@DefendOpsHQ
25 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Reported to MSRC on June 29, 2018, Case CRM: 0461055432 and was told "the risk was not severe enough" @msftsecresponse will I get credit for CVE-2025-24071 for my original discovery report? https://t.co/VXdc9V44EN https://t.co/UqmYgD4lAp @0x6rss #CVE-2025-24071
@hyp3rlinx
22 Mar 2025
8518 Impressions
9 Retweets
37 Likes
17 Bookmarks
2 Replies
0 Quotes
A critical vulnerability in Windows File Explorer, identified as CVE-2025-24071, allows attackers to steal NTLM-hashed passwords without any user interaction beyond simply extracting a compressed file. https://t.co/mEYXrTNJkg https:
@ohbrient
21 Mar 2025
24 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24071: Windows Explorer initiates an SMB authentication request upon extracting a .library-ms file from a .rar archive, exposing NTLM hashes. Extraction alone triggers the vulnerability. https://t.co/8soaMAFt7n
@hack_sparo
21 Mar 2025
22349 Impressions
91 Retweets
498 Likes
247 Bookmarks
4 Replies
1 Quote
CVE-2025-24071 POC Exploit released for Microsoft Flaw #microsoft #CVE-2025-24071 https://t.co/KxDpdddac2
@pravin_karthik
21 Mar 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A vulnerability in Windows File Explorer (CVE-2025-24071) can leak NTLM hashes when a specially crafted archive is extracted. Microsoft has already fixed this issue in the March 2025 monthly patch. https://t.co/Qv0u8YJ5CI
@01ra66it
20 Mar 2025
1180 Impressions
5 Retweets
23 Likes
5 Bookmarks
0 Replies
0 Quotes
PoC Released: Windows Explorer CVE-2025-24071 Vulnerability Exposes NTLM Hashes https://t.co/qc4hi0AHeR
@Dinosn
20 Mar 2025
14421 Impressions
100 Retweets
324 Likes
135 Bookmarks
3 Replies
0 Quotes
SPOOFING VULNERABILITY IN MICROSOFT WINDOWS FILE EXPLORER (CVE-2025-24071) *The full story on our official page https://t.co/x51LpW0QRp https://t.co/VsbUuY0XRS
@mostradorwebcom
19 Mar 2025
22 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
[Blog] Spoofing vulnerability in Microsoft Windows File Explorer (CVE-2025-24071) https://t.co/TEpRyuaA7y
@elhackernet
19 Mar 2025
2556 Impressions
8 Retweets
16 Likes
5 Bookmarks
0 Replies
0 Quotes
GitHub - 0x6rss/CVE-2025-24071_PoC: CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File https://t.co/QENoRT3GC5
@akaclandestine
18 Mar 2025
2872 Impressions
15 Retweets
81 Likes
34 Bookmarks
0 Replies
1 Quote
CVE-2025-24071> Windows Explorer automatically initiates an SMB authentication request when a .library-ms file is extracted from a .rar archive, leading to NTLM hash disclosure. The user does not need to open or execute the file... https://t.co/d1myefHndw
@cyber_advising
18 Mar 2025
20854 Impressions
106 Retweets
346 Likes
193 Bookmarks
4 Replies
0 Quotes
🚨 CVE-2025-24071 Spoofing vulnerability in Microsoft Windows File Explorer. ⚠️Status⚠️: Patched ✅ 🔗 Blog post: https://t.co/nsz1lmHRCz 🔗 PoC: https://t.co/LYKt2uQpOO #Ciberseguridad #Windows #Vulnerabilidad #CVE202524071
@Cyph3R_CyberSec
18 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - 0x6rss/CVE-2025-24071_PoC: CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File - https://t.co/7axtCRjLnD
@piedpiper1616
18 Mar 2025
7360 Impressions
63 Retweets
176 Likes
84 Bookmarks
0 Replies
0 Quotes
CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability Check out the new security vulnerability I discovered in Windows, which I believe is potentially being sold in the wild. (fixed patch tuesday) Blog post: https://t.co/kFWnAZbsvR PoC: https://t.co/7n1nfU6HJv ht
@0x6rss
18 Mar 2025
18179 Impressions
101 Retweets
420 Likes
244 Bookmarks
0 Replies
2 Quotes
🚨 CVE-2025-24071 🔴 HIGH (7.5) 🏢 Microsoft - Windows 10 Version 1809 🏗️ 10.0.17763.0 🔗 https://t.co/wHKunzLEGr #CyberCron #VulnAlert #InfoSec https://t.co/qzhwz75gzT
@cybercronai
13 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24071 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. https://t.co/1M4l5DmgVf
@CVEnew
11 Mar 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes