🟢 CVE-2025-24985

CVE-2025-24985 is an integer overflow vulnerability in the Windows Fast FAT File System Driver that allows local code execution. The vulnerability requires local access and user interaction (mounting/accessing malicious FAT file systems), making it unsuitable for direct internet exploitation despite being in CISA KEV.

← Back to Overview
LOW_RISK
Risk Level
7.8
CVSS Score
LOCAL
Attack Vector
Privilege Escalation
ATT&CK Tactic
T1068 — Exploitation for Privilege Escalation
ATT&CK Technique
LOW
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2025-03-11

Added to CISA KEV: 2025-03-11 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-24985 is a critical security vulnerability involving an integer overflow or wraparound flaw in the Microsoft Windows Fast FAT File System Driver [2] [1].

Exploitation and Threat Activity
  • Active Exploitation: The vulnerability was confirmed to be exploited in the wild and was subsequently added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog [1] [3].
  • Attack Context: While it has been identified as a significant risk, specific details regarding its use in named ransomware campaigns or specific targeted threat actor groups are not widely publicized in general security databases. However, its inclusion in the CISA KEV catalog underscores its use in real-world attacks [3].
Attack Method and Impact
  • Exploitation Requirements: The vulnerability requires local access to the system and typically involves user interaction to facilitate the exploit [1].
  • Impact: Successful exploitation allows an unauthorized attacker to execute arbitrary code locally [2]. This can lead to severe consequences, including:
* Complete system compromise [1] * Installation of malware [1] * Data manipulation [1] * Creation of privileged accounts [1]
Proof-of-Concept (PoC)
  • Proof-of-concept exploit material has been reported as available via third-party security research platforms (e.g., Vicarius) [1]?changeRecordedOn=10/27/2025T13:14:06.520-0400?kagi_q=CVE-2025-24985+details+exploitation+impact+affected+versions.
Affected Versions and Mitigation
  • Affected Products: The vulnerability impacts a wide range of Windows desktop and server platforms, including various versions of Windows 10 and Windows 11 (e.g., Windows 10 versions 1507, 1607, 1809, 21H2, 22H2; Windows 11 versions 22H2, 23H2, 24H2, 25H2) [1] [5].
  • Patch Status: Microsoft released security updates to address this vulnerability in March 2025. Organizations were urged to apply these patches immediately, with CISA mandates requiring remediation by April 1, 2025 [2] [1]. Users should ensure their systems are updated to the latest available security versions provided by Microsoft [4].

Sources

  1. CVE-2025-24985 - Exploits & Severity - Feedly

    Affected versions include: Windows 10 (versions 1507, 1607, 1809, 21H2, 22H2) with updates to 10.0.10240.20947, 10.0.14393.7876, and 10.0.17763 ... Threat Intelligence Report CVE-2025-24985 is a critical remote code execution vulnerability in the Windows Fast FAT File System Driver, which has been a…

  2. CVE-2025-24985 Detail - NVD

    CVE-2025-24985 Detail Description Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. ... CVE-2025-24985 Detail. Description. Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code local…

  3. March 2025 Patch Tuesday: 10 Critical Vulnerabilities Amid 63 CVEs

    Critical Vulnerabilities. CVE-2025-24985.The vulnerability's high-severity impact across multiple Windows versions, combined with its confirmed active exploitation and inclusion in CISA's Known Exploited Vulnerabilities catalog, makes it an urgent security risk requiring immediate attention. CVE-202…

  4. Top CVEs of May 2025: Critical Exploits & Patch Alerts

    Each month brings new vulnerabilities, and some aren’t just bugs, they’re invitations. The CVEs of May 2025 made headlines not just for their technical depth, but for how quickly they...Apply Patches Immediately: Microsoft has released security updates addressing this vulnerability. Affected systems…

  5. Microsoft patches 57 security flaws, including 6 exploited zero-days

    CVE-2025-24985 & has mandated patches by April 1. Affected versions: → Windows 10 (1809, 21H2, 22H2) → Windows 11 (22H2, 23H2, 24H2, 25H2) → ...

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed