CVE-2025-24054

KEV
Published: Mar 11, 2025 Last Modified: Feb 13, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0987
Percentile
0,9th
Updated

EPSS Score Trend (Last 90 Days)

73

External Control of File Name or Path

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Read Files Or Directories Modify Files Or Directories Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Other)
Applicable Platforms
Operating Systems: Unix, Windows, macOS
Likelihood of Exploit: High
View CWE Details
Exploit

Microsoft - NTLM Hash Disclosure Spoofing (library-ms)

Microsoft - NTLM Hash Disclosure Spoofing (library-ms)

Author: hyp3rlinx Published:
View Exploit Code →
Exploit

windows 10/11 - NTLM Hash Disclosure Spoofing

windows 10/11 - NTLM Hash Disclosure Spoofing

Author: beatrizfn Published:
View Exploit Code →
Exploit

Windows 10.0.17763.7009 - spoofing vulnerability

Windows 10.0.17763.7009 - spoofing vulnerability

Author: beatrizfn Published:
View Exploit Code →
Operating System

Windows 10 1809 by Microsoft

Product Information
Vendor Microsoft
Product Windows 10 1809
Version Range Affected
To 10.0.17763.7009 (exclusive)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 10 21H2 by Microsoft

Product Information
Vendor Microsoft
Product Windows 10 21H2
Version Range Affected
To 10.0.19044.5608 (exclusive)
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 10 1607 by Microsoft

Product Information
Vendor Microsoft
Product Windows 10 1607
Version Range Affected
To 10.0.14393.7876 (exclusive)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 10 1607 by Microsoft

Product Information
Vendor Microsoft
Product Windows 10 1607
Version Range Affected
To 10.0.14393.7876 (exclusive)
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 10 1507 by Microsoft

Product Information
Vendor Microsoft
Product Windows 10 1507
Version Range Affected
To 10.0.10240.20947 (exclusive)
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 10 21H2 by Microsoft

Product Information
Vendor Microsoft
Product Windows 10 21H2
Version Range Affected
To 10.0.19044.5608 (exclusive)
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 10 1809 by Microsoft

Product Information
Vendor Microsoft
Product Windows 10 1809
Version Range Affected
To 10.0.17763.7009 (exclusive)
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 10 1507 by Microsoft

Product Information
Vendor Microsoft
Product Windows 10 1507
Version Range Affected
To 10.0.10240.20947 (exclusive)
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 10 21H2 by Microsoft

Product Information
Vendor Microsoft
Product Windows 10 21H2
Version Range Affected
To 10.0.19044.5608 (exclusive)
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 11 23H2 by Microsoft

Product Information
Vendor Microsoft
Product Windows 11 23H2
Version Range Affected
To 10.0.22631.5039 (exclusive)
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 11 22H2 by Microsoft

Product Information
Vendor Microsoft
Product Windows 11 22H2
Version Range Affected
To 10.0.22621.5039 (exclusive)
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows Server 2012 by Microsoft

Product Information
Vendor Microsoft
Product Windows Server 2012
Version -
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 10 22H2 by Microsoft

Product Information
Vendor Microsoft
Product Windows 10 22H2
Version Range Affected
To 10.0.19045.5608 (exclusive)
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows Server 2022 by Microsoft

Product Information
Vendor Microsoft
Product Windows Server 2022
Version Range Affected
To 10.0.20348.3270 (exclusive)
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows Server 2008 by Microsoft

Product Information
Vendor Microsoft
Product Windows Server 2008
Version r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 11 24H2 by Microsoft

Product Information
Vendor Microsoft
Product Windows 11 24H2
Version Range Affected
To 10.0.26100.3403 (exclusive)
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 10 22H2 by Microsoft

Product Information
Vendor Microsoft
Product Windows 10 22H2
Version Range Affected
To 10.0.19045.5608 (exclusive)
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows Server 2016 by Microsoft

Product Information
Vendor Microsoft
Product Windows Server 2016
Version Range Affected
To 10.0.14393.7876 (exclusive)
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 11 22H2 by Microsoft

Product Information
Vendor Microsoft
Product Windows 11 22H2
Version Range Affected
To 10.0.22621.5039 (exclusive)
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows Server 2025 by Microsoft

Product Information
Vendor Microsoft
Product Windows Server 2025
Version Range Affected
To 10.0.26100.3403 (exclusive)
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows Server 2019 by Microsoft

Product Information
Vendor Microsoft
Product Windows Server 2019
Version Range Affected
To 10.0.17763.7009 (exclusive)
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows Server 2012 by Microsoft

Product Information
Vendor Microsoft
Product Windows Server 2012
Version r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 11 24H2 by Microsoft

Product Information
Vendor Microsoft
Product Windows 11 24H2
Version Range Affected
To 10.0.26100.3403 (exclusive)
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 11 23H2 by Microsoft

Product Information
Vendor Microsoft
Product Windows 11 23H2
Version Range Affected
To 10.0.22631.5039 (exclusive)
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows 10 22H2 by Microsoft

Product Information
Vendor Microsoft
Product Windows 10 22H2
Version Range Affected
To 10.0.19045.5608 (exclusive)
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Windows Server 2022 23H2 by Microsoft

Product Information
Vendor Microsoft
Product Windows Server 2022 23H2
Version Range Affected
To 10.0.25398.1486 (exclusive)
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalo…
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025…
http://seclists.org/fulldisclosure/2025/Apr/28
http://seclists.org/fulldisclosure/2025/Apr/28
https://www.exploit-db.com/exploits/52478
https://www.exploit-db.com/exploits/52478
https://www.exploit-db.com/exploits/52480
https://www.exploit-db.com/exploits/52480
https://www.vicarius.io/vsociety/posts/cve-2025-24054-spoof…
https://www.vicarius.io/vsociety/posts/cve-2025-24054-spoofing-vulnerability-in…
https://www.vicarius.io/vsociety/posts/cve-2025-24054-spoof…
https://www.vicarius.io/vsociety/posts/cve-2025-24054-spoofing-vulnerability-in…
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2…
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24054