Back to KEVs

CVE-2025-24054

NTLM Hash Disclosure Spoofing Vulnerability

Basic Information

CVE State: PUBLISHED
Reserved Date: January 16, 2025
Published Date: March 11, 2025
Last Updated: April 17, 2025
Vendor: Microsoft
Product: Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)
Description: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

CVSS Scores

CVSS v3.1

6.5 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

EPSS Score

Score: 13.71% (Percentile: 93.85%) as of 2025-04-29

SSVC Information

Exploitation: active
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (added 2025-04-17 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2025-04-27 06:50:48 UTC) Source

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24054

Known Exploited Vulnerability Information

Source	Added Date
CISA	2025-04-17 00:00:00 UTC

Recent Mentions

Microsoft ".library-ms" File / NTLM Information Disclosure (Resurrected 2025)

Source: Full Disclosure Mailinglist • Published: 2025-04-27 04:40:56 UTC

Posted by hyp3rlinx on Apr 26[-] Microsoft ".library-ms" File / NTLM Information Disclosure Spoofing (Resurrected 2025) / CVE-2025-24054 [+] John Page (aka hyp3rlinx) [+] x.com/hyp3rlinx [+] ISR: ApparitionSec Back in 2018, I reported a ".library-ms" File NTLM information disclosure vulnerability to MSRC and was told "it was not severe enough", that being said I post it anyways. Seven years passed, until other researchers re-reported it....

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

ClementNjeru/CVE-2025-24054-PoC

Type: github • Created: 2025-04-27 06:50:48 UTC • Stars: 0

Proof of Concept for the NTLM Hash Leak via .library-ms CVE-2025-24054

helidem/CVE-2025-24054-PoC

Type: github • Created: 2025-04-22 13:04:41 UTC • Stars: 5

Proof of Concept for the NTLM Hash Leak via .library-ms CVE-2025-24054

xigney/CVE-2025-24054_PoC

Type: github • Created: 2025-04-18 11:17:48 UTC • Stars: 1

PoC - CVE-2025-24071 / CVE-2025-24054, NTMLv2 hash'leri alınabilen bir vulnerability