CVE-2025-24993

Severity: HIGH
CVSS 3.1 score: 7.8
Published: 2025-03-11
CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 19:52 (vuln.today)
Added to CISA KEV: Oct 27, 2025 - 17:13 (cisa)
CVE Published: Mar 11, 2025 - 17:16 (nvd), HIGH 7.8

Description

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

Analysis

A heap-based buffer overflow in the Windows NTFS driver allows unauthenticated local code execution, providing kernel-level access when a user mounts a crafted NTFS filesystem image. This KEV-listed vulnerability (CVE-2025-24993) targets the most widely used Windows filesystem, making it a significant threat through malicious USB drives, VHD files, or network shares.

Technical Context

The NTFS.sys kernel driver improperly handles certain NTFS metadata structures, leading to a heap buffer overflow in the kernel pool. NTFS is the default and most trusted filesystem on Windows, so the attack surface is broad — any operation that causes Windows to parse NTFS metadata (mounting drives, opening VHDs, browsing network shares) can trigger the vulnerability.

Affected Products

Microsoft Windows 10 (all versions)
Microsoft Windows 11
Microsoft Windows Server 2016/2019/2022

Remediation

Apply the Microsoft security update immediately. This vulnerability is KEV-listed, so remediate per CISA deadlines. Restrict VHD mounting via Group Policy. Block VHD/VHDX attachments at email gateways. Limit removable media usage on sensitive systems.
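
For the email-gateway control, matching on file extension alone misses renamed or archived images. The following is an added example, not code from vuln.today or Microsoft: a content-based check that uses the published VHDX file signature and legacy VHD footer cookie. The function names, size and depth limits, and the idea that the gateway hands over each attachment as raw bytes are assumptions.

```python
import io
import zipfile

VHDX_SIGNATURE = b"vhdxfile"         # VHDX file type identifier at offset 0
VHD_COOKIE = b"conectix"             # cookie that opens the legacy VHD footer
MAX_MEMBER_BYTES = 64 * 1024 * 1024  # assumed per-member inspection limit
MAX_DEPTH = 2                        # assumed archive nesting limit


def classify_disk_image(data: bytes):
    """Return 'vhdx', 'vhd' or None, judging by content only."""
    if data[:8] == VHDX_SIGNATURE:
        return "vhdx"
    # Dynamic and differencing VHDs keep a footer copy at offset 0; fixed
    # VHDs have the footer only in the last 512 (some writers: 511) bytes.
    if VHD_COOKIE in (data[:8], data[-512:][:8], data[-511:][:8]):
        return "vhd"
    return None


def find_disk_images(name: str, data: bytes, depth: int = 0):
    """Return [(path, verdict)] for the attachment and any ZIP members."""
    kind = classify_disk_image(data)
    if kind is None and name.lower().endswith((".vhd", ".vhdx")):
        kind = "extension-only"      # named as a disk image, content unknown
    if kind:
        return [(name, kind)]
    hits = []
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}!{info.filename}"
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                    hits.append((path, "uninspected"))  # encrypted or oversize
                    continue
                with zf.open(info) as member:
                    body = member.read(MAX_MEMBER_BYTES)
                hits += find_disk_images(path, body, depth + 1)
    return hits


# Constructed sample: a VHDX header stored in a ZIP under a non-image name.
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _zf:
    _zf.writestr("invoice.pdf", VHDX_SIGNATURE + b"\x00" * 504)
SAMPLE_ZIP = _buf.getvalue()
```

A non-empty result is the signal to block or quarantine the message. Members reported as "uninspected" (encrypted or over the size limit) should be treated as a policy decision rather than passed through.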

Priority Score

Score: 90
KEV: +50
EPSS: +1.5
CVSS: +39
POC: 0
