CVE-2025-24992

Q: What is the severity of CVE-2025-24992?

CVE-2025-24992 has a CVSS score of 5.5 (MEDIUM). This CVE describes a buffer over-read vulnerability in Windows NTFS that allows a local attacker to read beyond allocated memory boundaries. This could lead to information disclosure of sensitive data from system memory. Only Windows systems with NTFS file systems are affected.

5.5 MEDIUM

Buffer Overflow

📋 TL;DR

This CVE describes a buffer over-read vulnerability in Windows NTFS that allows a local attacker to read beyond allocated memory boundaries. This could lead to information disclosure of sensitive data from system memory. Only Windows systems with NTFS file systems are affected.

💻 Affected Systems

Products:

Windows NTFS

Versions: Specific Windows versions as detailed in Microsoft advisory

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using NTFS file system. Requires local access to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could read sensitive information from kernel memory, potentially exposing credentials, encryption keys, or other protected data.

🟠

Likely Case

Limited information disclosure of adjacent memory contents, possibly revealing file system metadata or partial file contents.

🟢

If Mitigated

With proper access controls and least privilege principles, impact is limited to non-sensitive data accessible to the user's privilege level.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring local access to the system.

🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to gather information about the system.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and knowledge of memory layout. CWE-126 indicates buffer over-read vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific patch versions

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24992

Restart Required: Yes

Instructions:

1. Open Windows Update settings
2. Check for updates
3. Install all available security updates
4. Restart system when prompted

🔧 Temporary Workarounds

Restrict local access

windows

Limit local user access to systems where sensitive data is stored

Implement least privilege

windows

Ensure users only have necessary permissions for their roles

🧯 If You Can't Patch

Implement strict access controls to limit who has local access to affected systems
Monitor for unusual local file system activity and memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check Windows version and compare against Microsoft's affected versions list in the advisory

Check Version:

winver

Verify Fix Applied:

Verify Windows Update history shows the relevant security patch installed and system has been restarted

📡 Detection & Monitoring

Log Indicators:

Unusual file system operations
Multiple failed file access attempts
Processes accessing NTFS system files

Network Indicators:

Not applicable - local vulnerability

SIEM Query:

EventID: 4663 (File system access) with unusual patterns or multiple failures

📊 Metadata

CVE ID: CVE-2025-24992

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: CWE-126

EPSS Score: 0.28% exploit probability (50.6th percentile)

Published: March 11, 2025

Last Updated: July 3, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24992 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

Windows Server 2025 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict local access

Implement least privilege

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities