CVE-2025-24984MEDIUM 4.6CISA KEVEPSS p76.1%

CVE-2025-24984Microsoft Windows NTFS Information Disclosure Vulnerability

Microsoft / Windows

Description

Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose information with a physical attack. An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.

Scoring

CVSS 3.14.6 (MEDIUM)
VectorCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS1.83% probability of exploitation · percentile 76.1% · 2026-06-18T12:00:27Z
Published2025-03-11
Last modified2025-10-27

CISA KEV entry

Added to KEV: 2025-03-11

Underlying weaknesses· 1

CWE-532

References

  1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984
  2. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24984

1

TypeTargetConfidenceTier
WeaknessInsertion of Sensitive Information into Log Filecwe-5320%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryMicrosoft Windows NTFS Information Disclosure Vulnerabilitykev-cve-2025-249840%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
CVE
Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
CVE
CVE-2026-45636
CVE
Microsoft Windows NTFS Privilege Escalation Vulnerability
CVE
Microsoft Windows Kernel Information Disclosure Vulnerability
CVE
Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.