Sensitive Information Disclosure in Windows NTFS by Microsoft
CVE-2025-24984

4.6MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 11 March 2025

Badges

👾 Exploit Exists🟣 EPSS 18%🦅 CISA Reported📰 News Worthy

What is CVE-2025-24984?

The vulnerability in Windows NTFS enables attackers to gain unauthorized access to sensitive information by exploiting an issue that allows the insertion of confidential data into log files. This could potentially be leveraged in scenarios where a physical attack occurs, leading to the exposure of sensitive information.

CISA has reported CVE-2025-24984

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-24984 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20947

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7876

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7009

News Articles

CISA (.gov)

CVE-2025-24983 CVE-2025-24984

CISA Adds Six Known Exploited Vulnerabilities to Catalog | CISA

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

GBHackers News

CVE-2025-24984

CISA Warns of Windows NTFS Vulnerability Exploited for Data Theft

The Cybersecurity and Infrastructure Security Agency (CISA) highlighted a critical vulnerability in Microsoft Windows' New Technology File System (NTFS).