CVE-2025-24984

Q: What is the severity of CVE-2025-24984?

CVE-2025-24984 has a CVSS score of 4.6 (MEDIUM). This vulnerability allows sensitive information to be written to Windows NTFS log files, which could be accessed by an attacker with physical access to the system. It affects Windows systems using NTFS file systems. The risk primarily involves information disclosure rather than system compromise.

4.6 MEDIUM CISA KEV

📋 TL;DR

This vulnerability allows sensitive information to be written to Windows NTFS log files, which could be accessed by an attacker with physical access to the system. It affects Windows systems using NTFS file systems. The risk primarily involves information disclosure rather than system compromise.

💻 Affected Systems

Products:

Windows operating systems

Versions: Specific affected versions not yet detailed in public advisories

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems using NTFS file system. Exact Windows versions will be specified in Microsoft's security advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with physical access could extract sensitive data like credentials, configuration details, or other logged information from NTFS log files, potentially enabling further attacks.

🟠

Likely Case

Limited information disclosure from log files to attackers with physical access to storage media or compromised systems.

🟢

If Mitigated

Minimal impact if proper access controls, encryption, and physical security measures are implemented.

🌐 Internet-Facing: LOW - This vulnerability requires physical access or local system compromise, not directly exploitable over networks.

🏢 Internal Only: MEDIUM - Physical access to systems or storage media could allow information disclosure in environments with poor physical security.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM - Requires physical access to storage media or compromised system access

Exploitation requires access to NTFS log files, typically through physical media access or system compromise.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific patch versions

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984

Restart Required: Yes

Instructions:

1. Check Microsoft Security Update Guide for affected versions. 2. Apply Windows Update or security patch from Microsoft. 3. Restart system as required.

🔧 Temporary Workarounds

Restrict physical access

all

Implement physical security controls to prevent unauthorized access to systems and storage media

Enable BitLocker encryption

windows

Encrypt drives to protect data at rest, including NTFS log files

manage-bde -on C: -usedspaceonly

🧯 If You Can't Patch

Implement strict physical security controls for all systems and storage media
Enable full disk encryption on all affected systems

🔍 How to Verify

Check if Vulnerable:

Check Windows version and compare against Microsoft's affected versions list in security advisory

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify Windows Update history shows the security patch installed and system has been restarted

📡 Detection & Monitoring

Log Indicators:

Unusual access patterns to NTFS log files
Physical security breach indicators

Network Indicators:

Not applicable - primarily physical access vulnerability

SIEM Query:

Not applicable - no network exploitation vector

📊 Metadata

CVE ID: CVE-2025-24984

CVSS v3 Score: 4.6 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-532

EPSS Score: 4.97% exploit probability (89.4th percentile)

CISA KEV: Actively Exploited added Mar 11, 2025

Published: March 11, 2025

Last Updated: October 27, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984 Patch,Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24984 US Government Resource

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2012 by Microsoft