Cyber Posture

CVE-2025-24993

HighCISA KEVActive Exploitation

Published: 11 March 2025

Published
11 March 2025
Modified
27 October 2025
KEV Added
11 March 2025
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0177 82.7th percentile
Risk Priority 37 60% EPSS · 20% KEV · 20% CVSS

Description

An adversary may rely upon a user opening a malicious file in order to gain execution.

Security Summary

CVE-2025-24993 is a heap-based buffer overflow vulnerability, classified under CWE-122, affecting the Windows NTFS file system component. Published on 2025-03-11T17:16:35.797, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The flaw enables an unauthorized attacker to execute arbitrary code locally on affected Windows systems.

Exploitation requires local access to the target machine with no special privileges, low attack complexity, and user interaction, such as opening a malicious file. A successful attack allows the attacker to achieve high-impact effects on confidentiality, integrity, and availability through local code execution, though it does not result in privilege escalation.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24993 provides details on patches and mitigations. The vulnerability appears in the CISA Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24993, signaling real-world exploitation.

Details

CWE(s)
CWE-122
KEV Date Added
11 March 2025

Affected Products

microsoft
windows 10 1507
≤ 10.0.10240.20947 · ≤ 10.0.10240.20947
microsoft
windows 10 1607
≤ 10.0.14393.7876 · ≤ 10.0.14393.7876
microsoft
windows 10 1809
≤ 10.0.17763.7009 · ≤ 10.0.17763.7009
microsoft
windows 10 21h2
≤ 10.0.19044.5608 · ≤ 10.0.19044.5608 · ≤ 10.0.19044.5608
microsoft
windows 10 22h2
≤ 10.0.19045.5608 · ≤ 10.0.19045.5608 · ≤ 10.0.19045.5608
microsoft
windows 11 22h2
≤ 10.0.22621.5039 · ≤ 10.0.22621.5039
microsoft
windows 11 23h2
≤ 10.0.22631.5039 · ≤ 10.0.22631.5039
microsoft
windows 11 24h2
≤ 10.0.26100.3403 · ≤ 10.0.26100.3403
microsoft
windows server 2008
all versions, r2
microsoft
windows server 2012
all versions, r2
+5 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise Techniques

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
attack.mitre.org →
Why these techniques?

The vulnerability is a local heap buffer overflow in NTFS triggered by opening a malicious file, directly enabling user execution of arbitrary code without requiring privileges or remote access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References