CVE-2025-24985
Published Mar 11, 2025
Last updated 2 days ago
AI description
CVE-2025-24985 is a remote code execution vulnerability in the Windows Fast FAT File System Driver. An attacker could exploit this vulnerability by convincing a target to mount a specially crafted virtual hard disk (VHD). Successful exploitation allows the attacker to execute arbitrary code on the system. This vulnerability affects Windows 10, Windows Server 2019, Windows Server 2022, and likely other versions of Windows. It was reported to Microsoft and patched in March 2025. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities Catalog as it has evidence of active exploitation. This vulnerability is caused by an integer overflow or wraparound within the Fast FAT Driver. Exploiting this vulnerability requires local access and user interaction. While technical details are not widely available, it's known that an exploit exists. Microsoft has released patches to address this vulnerability, and users are strongly encouraged to apply these patches as soon as possible.
- Description
- Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
- Source
- secure@microsoft.com
- NVD status
- Undergoing Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
- Exploit added on
- Mar 11, 2025
- Exploit action due
- Apr 1, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-122
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
We released a demo video for the CVE-2025-24985 Windows Fast FAT File System Driver RCE Vulnerability, patched by Microsoft in March 2025. Watch the video and subscribe to our private vulnerability PoC and detailed report service. https://t.co/lVH1gwsNls
@_patchpoint_
13 Mar 2025
3447 Impressions
11 Retweets
33 Likes
12 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-24985 🔴 HIGH (7.8) 🏢 Microsoft - Windows 10 Version 1809 🏗️ 10.0.17763.0 🔗 https://t.co/LQh9rbl2z8 #CyberCron #VulnAlert #InfoSec https://t.co/HBcbn6LBwG
@cybercronai
12 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Patches 57 Bugs, 6 Zero-Days Under Active Attack Microsoft’s latest update fixes six exploited zero-days, including critical kernel vulnerabilities (CVE-2025-24985). Attackers are actively targeting NTFS, Fast FAT, and Windows Remote Desktop Services for privilege… htt
@dCypherIO
12 Mar 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Urgent Cybersecurity Alert: #Microsoft #Windows Fast FAT Vulnerability #CVE-2025-24985 https://t.co/F5kvZR4xOc
@UndercodeNews
12 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔎 March’s Microsoft Patch Tuesday: 6 Zero-Days Under Active Attack Microsoft patched 6 zero-days (already exploited!) + 51 other flaws. Critical risks: 🔻 NTFS flaws (CVE-2025-24993, etc.) – Arbitrary code execution via malicious VHDs. 🔻 Windows Fast FAT (CVE-2025-24985) –… ht
@Action1corp
12 Mar 2025
61 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 Microsoft warns: 6 zero-days under active attack! 🔹 Key threats: CVE-2025-24985 & CVE-2025-24993 – File system flaws allowing remote code execution CVE-2025-24983 – A Win32k zero-day used in the wild with PipeMagic malware CVE-2025-26633 – Security bypass flaw in Microso
@dysafhackx
12 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 Microsoft warns: 6 zero-days under active attack! This month’s Patch Tuesday fixes 57 security flaws, including 6 exploited zero-days that attackers are already using for privilege escalation, data theft, and remote code execution. 🔹 Key threats: CVE-2025-24985 &… https
@TheHackersNews
12 Mar 2025
17577 Impressions
94 Retweets
191 Likes
32 Bookmarks
5 Replies
7 Quotes