CVE-2025-24992Buffer Over-read in Microsoft Windows 10 Version 1507

CWE-126Buffer Over-read6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.4%
top 37.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
26
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+23 more
Timeline
PublishedMar 11

Description

Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages25 packages

NVDmicrosoft/windows< 10.0.14393.7876+5
NVDmicrosoft/windows_10_1507< 10.0.10240.20947
NVDmicrosoft/windows_10_1607< 10.0.14393.7876
NVDmicrosoft/windows_10_21h2< 10.0.19044.5608
NVDmicrosoft/windows_10_22h2< 10.0.19045.5608

🔴Vulnerability Details

2
CVEList
Windows NTFS Information Disclosure Vulnerability2025-03-11
GHSA
GHSA-33m7-2r3h-jgfx: Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally2025-03-11

📋Vendor Advisories

1
Microsoft
Windows NTFS Information Disclosure Vulnerability2025-03-11

🕵️Threat Intelligence

2
Tenable
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993)2025-03-11
Bleepingcomputer
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws2025-03-11
CVE-2025-24992 — Buffer Over-read in Microsoft | cvebase