CVE-2025-24071
Published: 11 March 2025
Description
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Security Summary
CVE-2025-24071, published on 2025-03-11, is a vulnerability in Microsoft Windows File Explorer that exposes sensitive information to an unauthorized actor, enabling spoofing attacks over a network. Classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), it carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact.
An unauthorized attacker can exploit this vulnerability remotely over the network using low-complexity techniques that require no privileges, though user interaction is necessary. Exploitation allows the attacker to access sensitive information, supporting spoofing without impacting integrity or availability.
Microsoft's Security Response Center (MSRC) provides an update guide for mitigation at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24071. Vicarius has published related resources, including a detection script at https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-detection-scrip and a mitigation script at https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-mitigation-script.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in Windows File Explorer exposes sensitive information enabling spoofing attacks over the network, directly facilitating Adversary-in-the-Middle (T1557) by allowing an attacker to leverage the disclosed data for positioning in network communications.