Sensitive Information Disclosure in Windows NTFS by Microsoft
CVE-2025-24984
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 11 March 2025
Badges
What is CVE-2025-24984?
The vulnerability in Windows NTFS enables attackers to gain unauthorized access to sensitive information by exploiting an issue that allows the insertion of confidential data into log files. This could potentially be leveraged in scenarios where a physical attack occurs, leading to the exposure of sensitive information.
CISA has reported CVE-2025-24984
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-24984 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20947
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7876
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7009
News Articles
CISA Adds Six Known Exploited Vulnerabilities to Catalog | CISA
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

CISA Warns of Windows NTFS Vulnerability Exploited for Data Theft
The Cybersecurity and Infrastructure Security Agency (CISA) highlighted a critical vulnerability in Microsoft Windows' New Technology File System (NTFS).
Microsoft patches 57 vulnerabilities, including 6 zero-days
More than three-quarters of the vulnerabilities covered in the vendor’s monthly Patch Tuesday update are high-severity flaws.
References
EPSS Score
18% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 🦅
CISA Reported
- đź“°
First article discovered by Zero Day Initiative
Vulnerability published
Vulnerability Reserved