Out-of-Bounds Read Vulnerability in Microsoft Windows NTFS
CVE-2025-24991
Key Information:
- Vendor: Microsoft
- Status: Vendor
- CVE Published: 11 March 2025
Summary
An out-of-bounds read vulnerability in Windows NTFS can enable an authorized attacker to disclose sensitive information on the affected system. Exploiting this flaw could allow the retrieval of confidential data, potentially leading to greater security risks. It is essential for users to remain vigilant and apply the relevant patches provided by Microsoft to mitigate these risks.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20947
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7876
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7009
Timeline
- First article discovered by Krebs on Security
- Exploit known to exist
- CISA Reported
- Vulnerability published
- Vulnerability Reserved