CVE-2025-24984

MEDIUM
2025-03-11 [email protected]
4.6
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 19:52 vuln.today
Added to CISA KEV
Oct 27, 2025 - 17:14 cisa
CISA KEV
Patch Released
Oct 27, 2025 - 17:14 nvd
Patch available
CVE Published
Mar 11, 2025 - 17:16 nvd
MEDIUM 4.6

Tags

Windows Microsoft

Description

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

Analysis

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. [CVSS 4.6 MEDIUM] [CISA KEV - actively exploited]

Technical Context

Classified as CWE-532 (Insertion of Sensitive Information into Log File). Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

Affected Products

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

Remediation

A vendor patch is available — apply it immediately.

Priority Score

78
Low Medium High Critical
KEV: +50
EPSS: +5.0
CVSS: +23
POC: 0

Share

CVE-2025-24984 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy