Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-24071Sensitive Information Exposure in Microsoft Windows 10 Version 1507

CWE-200Sensitive Information Exposure14 documents9 sources
Severity
6.5MEDIUMNVD
EPSS
57.7%
top 1.82%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
21
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+18 more
Timeline
PublishedMar 11
Latest updateNov 26

Description

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages20 packages

NVDmicrosoft/windows< 10.0.14393.7876+5
NVDmicrosoft/windows_10_1507< 10.0.10240.20947
NVDmicrosoft/windows_10_1607< 10.0.14393.7876
NVDmicrosoft/windows_10_1809< 10.0.17763.7009
NVDmicrosoft/windows_11_23h2< 10.0.22631.5039

🔴Vulnerability Details

3
CVEList
Microsoft Windows File Explorer Spoofing Vulnerability2025-03-11
GHSA
GHSA-mppc-8qxh-4wjw: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network2025-03-11
VulnCheck
Microsoft Windows Exposure of Sensitive Information to an Unauthorized Actor2025

💥Exploits & PoCs

2
Exploit-DB
Windows File Explorer Windows 10 Pro x64 - TAR Extraction2025-06-13
Exploit-DB
Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure2025-05-29

📋Vendor Advisories

1
Microsoft
Microsoft Windows File Explorer Spoofing Vulnerability2025-03-11

🕵️Threat Intelligence

6
Securelist
Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 20252025-11-26
Securelist
How NTLM is being abused in 2025 cyberattacks2025-11-26
Securelist
Vulnerability landscape analysis for Q2 20252025-08-27
Securelist
Vulnerability landscape analysis for Q1 20252025-05-30
Securelist
Exploits and vulnerabilities in Q1 20252025-05-30

📄Research Papers

1
CTF
easy / README
CVE-2025-24071 — Sensitive Information Exposure | cvebase