Cyber Posture

CVE-2025-24984

Medium · CISA KEV · Active Exploitation

Published: 11 March 2025

Modified: 27 October 2025
KEV Added: 11 March 2025
Patch
CVSS Score: 4.6 (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0283 (86.2th percentile)
Risk Priority: 31 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Security Summary

CVE-2025-24984 is a vulnerability in the Windows NTFS file system that involves the insertion of sensitive information into a log file, classified under CWE-532. Published on 2025-03-11, it carries a CVSS v3.1 base score of 4.6 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), a medium-severity rating for an issue in which sensitive data is exposed to an attacker with physical access.

An unauthorized attacker with physical access to the affected system can exploit this vulnerability with low attack complexity, requiring no privileges or user interaction, and with scope unchanged. Exploitation enables high-impact disclosure of confidential information from the log file, without impacting integrity or availability.

Microsoft's update guide addresses mitigation for CVE-2025-24984 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984. The vulnerability is also listed in the CISA Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24984.

Details

CWE(s): CWE-532
KEV Date Added: 11 March 2025

Affected Products

microsoft windows 10 1507: ≤ 10.0.10240.20947 · ≤ 10.0.10240.20947
microsoft windows 10 1607: ≤ 10.0.14393.7876 · ≤ 10.0.14393.7876
microsoft windows 10 1809: ≤ 10.0.17763.7009 · ≤ 10.0.17763.7009
microsoft windows 10 21h2: ≤ 10.0.19044.5608
microsoft windows 10 22h2: ≤ 10.0.19045.5608
microsoft windows 11 22h2: ≤ 10.0.22621.5039
microsoft windows 11 23h2: ≤ 10.0.22631.5039
microsoft windows 11 24h2: ≤ 10.0.26100.3403
microsoft windows server 2012: all versions, r2
microsoft windows server 2016: ≤ 10.0.14393.7876
+4 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise Techniques

T1005: Data from Local System (Tactic: Collection)
Why these techniques?

The vulnerability causes sensitive information to be logged in an NTFS log file, enabling an attacker with physical access to collect confidential data directly from the local system.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0
