🟢 CVE-2025-24991

CVE-2025-24991 is an out-of-bounds read vulnerability in Windows NTFS that allows local information disclosure. Despite being on CISA KEV, this is a local vulnerability requiring existing system access and user interaction, not directly exploitable over the internet.

← Back to Overview
LOW_RISK
Risk Level
5.5
CVSS Score
LOCAL
Attack Vector
Privilege Escalation
ATT&CK Tactic
T1068 — Exploitation for Privilege Escalation
ATT&CK Technique
N/A
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2025-03-11

Added to CISA KEV: 2025-03-11 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-24991 is a security vulnerability in the Microsoft Windows NTFS file system that was disclosed in March 2025 [1]?id.299362?kagi_q=CVE-2025-24991+details+exploitation+impact+patch+status.

Vulnerability Overview
  • Type: Out-of-bounds (OOB) read vulnerability [1].
  • Impact: Successful exploitation allows an attacker to disclose sensitive information from the local system by reading memory regions outside of intended bounds [1] [4].
Exploitation and Attack Method
  • Active Exploitation: The vulnerability has been confirmed as actively exploited in the wild and was added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog [2] [5].
  • Requirements:
* Access: It is a local vulnerability, requiring the attacker to have local access to the target system [1]?id.299362?kagi_q=CVE-2025-24991+details+exploitation+impact+patch+status. * Method: Exploitation involves tricking a target into performing an action, such as mounting a crafted Virtual Hard Disk (VHD) file [3].
  • Threat Actor Usage: While it is known to be exploited in the wild, specific details regarding the threat actors or ransomware campaigns utilizing this vulnerability are not publicly detailed in available reports.
  • Proof-of-Concept: Some sources indicate that exploit code or techniques have been available for this vulnerability?id.299362?kagi_q=CVE-2025-24991+details+exploitation+impact+patch+status.
Mitigation and Status
  • Patch Status: Microsoft addressed this vulnerability as part of their security update cycle. Users were urged to apply patches promptly to mitigate the risk of exploitation [1] [5].
  • Recommendation: Given its inclusion in the CISA KEV catalog and evidence of active exploitation, it is considered a high-priority vulnerability that should be remediated immediately by applying the relevant security updates provided by Microsoft [2] [1].

Sources

  1. NVD - CVE-2025-24991

    CVE-2025-24991 Detail. Description. Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability. 03/11/2025. 04/01/2025. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cl…

  2. CVE-2025-24991: Windows 10 1507 Information Disclosure

    Given the active exploitation status and CISA KEV listing, patching should be treated as an emergency priority. SentinelOne customers are ... CVE-2025-24991 is an information disclosure vulnerability in Windows 10 1507 NTFS. Learn about its impact, affected versions, and mitigation methods.

  3. 6 Actively Exploited CVEs – Patch ASAP! | Juan Pablo Castro

    6️⃣ CVE-2025-24991 - Windows NTFS Information Disclosure Exploited by tricking a target into mounting a crafted VHD. Attackers gain ...

  4. CVE-2025-24991 - Out-of-Bounds Read in Windows NTFS Lets Local ...

    A newly-disclosed Windows NTFS vulnerability-- CVE-2025-24991 --allows an attacker with local privileges to read memory regions outside the intended bounds. This out-of-bounds (OOB) read flaw can expose potentially sensitive data on Windows systems.

  5. CVE-2025-24991 - Exploits & Severity - Feedly

    Threat Intelligence Report CVE-2025-24991 is a Windows NTFS Information Disclosure Vulnerability that has been added to CISA's Known Exploited Vulnerabilities Catalog, highlighting its criticality. Users are urged to apply patches before April 1, 2025, to mitigate potential exploitation. No addition…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed