- Description
- Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_10_1507, windows_10_1607, windows_10_1809, windows_11_23h2, windows_11_24h2, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- secure@microsoft.com
- CWE-200
- Hype score
- Not currently trending
Fsociety-CVE-2025-24071-NTLM-Coercion #exploit #password This is the Fsociety Exploit Framework for CVE-2025-24071. Generates malicious .library-ms files to steal NTLMv2 hashes. Includes a 'Living Terminal' Cinematic Mode, Deep Trace loggin... https://t.co/5h1AWNAWgC
@TheExploitLab
22 Dec 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 The NTLM Coercion Kill Shot: How NetExec's New Module Exploits #CVE-2025-24071 for Instant Hash Harvesting https://t.co/2JRcacwRkc Educational Purposes!
@UndercodeUpdate
17 Nov 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Late to the party, but better late than never right? The module "drop-library-ms" made by @Xed_sama is now merged into NetExec🚀 It drops a .library-ms file onto writable shares to get NTLM hashes when a user visits the directory, exploiting CVE-2025-24071. https://t.co/hGsiz
@al3x_n3ff
17 Nov 2025
6450 Impressions
28 Retweets
108 Likes
41 Bookmarks
0 Replies
1 Quote
CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File https://t.co/qkKnUeuYzm
@akaclandestine
9 Nov 2025
824 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
¿Habéis visto el vídeo que he subido a las 19:00? Trata de cómo Windows, sin si quiera saberlo, compartía tus credenciales con los atacantes mediante el explorador de archivos. Exactamente trata de los CVE-2025-24071 y CVE-2025-50154. ¡Vulnerabilidades de este año!🆕
@ShadowRooted
8 Nov 2025
3 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨CVE-2025-24071 // CVE-2025-24054: PoC for NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File Write-up: https://t.co/tl3nepqqG7 GitHub: https://t.co/jnVDvYMGvE https://t.co/aZBi5lPEQK
@DarkWebInformer
16 Oct 2025
15342 Impressions
65 Retweets
359 Likes
183 Bookmarks
4 Replies
0 Quotes
🚨 Unlocking Fluffy: A Deep Dive into #CVE-2025-24071, ACL Abuse, and ESC16 Privilege Escalation https://t.co/kKOGRKnsef Educational Purposes!
@UndercodeUpdate
29 Sept 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fluffy (HTB S8): ZIP exploit (CVE-2025-24071) → NetNTLMv2 capture → BloodHound pivot to a Service Account → ESC16 in AD CS → minted Domain-Admin cert. Read the writeup: https://t.co/uLObb8e9bP #HTB #AD #Infosec
@Adonijah_Kimut
28 Sept 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
HackTheBox - Fluffy write-up > CVE-2025-24071 > Shadow Credentials > AD CS ESC16 https://t.co/mHsQZvEkU1 #HackTheBox #CVE #infosec #Pentesting #redteam #hacking
@rexkyris
22 Sept 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2018-17144 2 - CVE-2025-24071 3 - CVE-2017-10271 4 - CVE-2025-53770 5 - CVE-2024-34102 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
21 Sept 2025
129 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Walkthrough for HTB Fluffy Machine, CVE-2025-24071 NTLM Capture & Shadow Credentials Attack https://t.co/Qxs08VtSCZ #hackthebox #htb #fluffy #activedirectory #pentestingv #cve202524071 #ntlmhashcapture #maliciouszipfile #bloodhound #smbenumeration #ethicalhacking
@rd112pt
20 Sept 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Unlocking Fluffy: A Deep Dive into ADCS Exploitation and #CVE-2025-24071 https://t.co/I7PNAuL8cb Educational Purposes!
@UndercodeUpdate
20 Sept 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fluffy from @hackthebox_eu is a nice AD / ADCS box with CVE-2025-24071/CVE-2025-24054 to get a NetNTLMv2, and then pivot using BloodHound to get access to a user who can exploit ESC16 in the ADCS environment. https://t.co/aAMY0EJvXD
@0xdf_
20 Sept 2025
4086 Impressions
16 Retweets
96 Likes
32 Bookmarks
0 Replies
0 Quotes
CVE-2025-24071: file parsing behavior of .library-ms files in Windows Explorer. An unauthenticated attacker can exploit this vulnerability by constructing RAR/ZIP files containing a malicious SMB path. https://t.co/dWmSArcrTb https://t.co/XNAXgMOBL2
@cyber_advising
10 Jun 2025
1653 Impressions
5 Retweets
20 Likes
7 Bookmarks
1 Reply
0 Quotes
Windows 11 File Explorer の脆弱性 CVE-2025-24071:NTLM Hash 窃取での悪用と PoC のリリース https://t.co/4iIOHHqu8o Windows Explorer に見つかった脆弱性ですが、思ったよりも簡単に悪用できてしまうのが怖いですね。特に ZIP
@iototsecnews
10 Jun 2025
58 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
برای Windows File Explorer در ویندوز ۱۱ نسخه 23H2، آسیب پذیری با کد شناسایی CVE-2025-24071 منتشر شده است که باعث سرقت NTLM Hash می شود. ویندوز هایی که فایل های library-ms و پروتکل SMB را
@AmirHossein_sec
30 May 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-24071: NTLM Hash Leak via RARZIP Extraction https://t.co/iyEpKRHyeO
@DarkWebInformer
29 May 2025
7572 Impressions
21 Retweets
114 Likes
62 Bookmarks
1 Reply
0 Quotes
CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File https://t.co/l3IEDlcuGh
@TareqALhazzaa
1 May 2025
2163 Impressions
9 Retweets
74 Likes
31 Bookmarks
2 Replies
0 Quotes
🦹♀️👑 Villain of the Week 👑🦹♀️ A spoofing vulnerability, CVE-2025-24071, has been identified in Microsoft Windows File Explorer. This flaw allows attackers to capture NTLM hashed credentials when a user opens a folder containing a specially crafted .libr
@vicariusltd
30 Apr 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚩 #ciberseguridad #hacking Vulnerabilidad de suplantación en el Explorador de Archivos de Microsoft Windows (CVE-2025-24071) 🔒 https://t.co/YOzh8iCmVB https://t.co/omv9lCf6CC
@mileseceirl
23 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File https://t.co/aviH9dMEiw
@Dinosn
20 Apr 2025
8933 Impressions
45 Retweets
226 Likes
95 Bookmarks
0 Replies
1 Quote
WindowsのNTLM認証に関する複数の脆弱性(CVE-2025-21377、CVE-2025-21217、CVE-2025-24071)が報告された。NTLMハッシュの漏洩や認証バイパスのリスクがあり、早急なパッチ適用とNTLMの使用制限が推奨。 https://t.co/wQx6P6jMPN
@01ra66it
16 Apr 2025
874 Impressions
5 Retweets
15 Likes
1 Bookmark
0 Replies
0 Quotes
EncryptHubの二重生活:サイバー犯罪者対Windowsのバグ報奨金研究者(CVE-2025-24061、CVE-2025-24071) https://t.co/P85bmF70j3 #security #セキュリティ #ニュース
@SecureShield_
7 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Credits Hacker 'EncryptHub' for Discovering Critical Windows Flaws In a surprising move, Microsoft has publicly credited the hacker known as "EncryptHub" for responsibly disclosing two high-severity Windows vulnerabilities—CVE-2025-24061 and CVE-2025-24071—both patched
@ChbibAnas
7 Apr 2025
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
👀 Microsoft Credits EncryptHub — the Hacker Behind 618+ Breaches — for Disclosing Windows Flaws. 👀 In March 2025, EncryptHub reported 2 critical bugs (CVE-2025-24061 & CVE-2025-24071). Weeks later, he exploited a zero-day (CVE-2025-26633), hitting hundreds of targets usin
@TheHackersNews
5 Apr 2025
13527 Impressions
35 Retweets
80 Likes
15 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24071
@transilienceai
2 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24071
@transilienceai
2 Apr 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 ALERTA DE SEGURIDAD: CVE-2025-24071 - Suplantación en Explorador de Archivos de Windows 🚨 Se ha identificado una vulnerabilidad en el Explorador de Windows que permite a atacantes no autenticados capturar hashes NTLM. https://t.co/tSKNwKR90m
@BanCERT_gt
26 Mar 2025
12 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Understanding and Mitigating the CVE-2025-24071 Vulnerability in Windows https://t.co/EM8K1itkFY #cve202524071 #windowsvulnerability #ntlm #cybersecurity #patchmanagement
@DefendOpsHQ
25 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Reported to MSRC on June 29, 2018, Case CRM: 0461055432 and was told "the risk was not severe enough" @msftsecresponse will I get credit for CVE-2025-24071 for my original discovery report? https://t.co/VXdc9V44EN https://t.co/UqmYgD4lAp @0x6rss #CVE-2025-24071
@hyp3rlinx
22 Mar 2025
8518 Impressions
9 Retweets
37 Likes
17 Bookmarks
2 Replies
0 Quotes
Una vulnerabilidad crítica en el Explorador de archivos de Windows , identificada como CVE-2025-24071, permite a los atacantes robar contraseñas con hash NTLM sin ninguna interacción del usuario más allá de simplemente extraer un archivo comprimido. https://t.co/mEYXrTNJkg https:
@ohbrient
21 Mar 2025
24 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24071: Windows Explorer initiates an SMB authentication request upon extracting a .library-ms file from a .rar archive, exposing NTLM hashes. Extraction alone triggers the vulnerability. https://t.co/8soaMAFt7n
@hack_sparo
21 Mar 2025
22349 Impressions
91 Retweets
498 Likes
247 Bookmarks
4 Replies
1 Quote
CVE-2025-24071 POC Exploit released for Microsoft Flaw #microsoft #CVE-2025-24071 https://t.co/KxDpdddac2
@pravin_karthik
21 Mar 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windowsのファイルエクスプローラーの脆弱性(CVE-2025-24071)により、特別に細工されたアーカイブを解凍するとNTLMハッシュが漏洩する可能性がある。 Microsoftは2025年3月の月例パッチでこの問題を修正済み。 https://t.co/Qv0u8YJ5CI
@01ra66it
20 Mar 2025
1180 Impressions
5 Retweets
23 Likes
5 Bookmarks
0 Replies
0 Quotes
PoC Released: Windows Explorer CVE-2025-24071 Vulnerability Exposes NTLM Hashes https://t.co/qc4hi0AHeR
@Dinosn
20 Mar 2025
14421 Impressions
100 Retweets
324 Likes
135 Bookmarks
3 Replies
0 Quotes
VULNERABILIDAD DE SUPLANTACIÓN EN EL EXPLORADOR DE ARCHIVOS DE MICROSOFT WINDOWS (CVE-2025-24071) *La Noticia completa en nuestra Página Oficial https://t.co/x51LpW0QRp https://t.co/VsbUuY0XRS
@mostradorwebcom
19 Mar 2025
22 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
[Blog] Vulnerabilidad de suplantación en el Explorador de Archivos de Microsoft Windows (CVE-2025-24071) https://t.co/TEpRyuaA7y
@elhackernet
19 Mar 2025
2556 Impressions
8 Retweets
16 Likes
5 Bookmarks
0 Replies
0 Quotes
GitHub - 0x6rss/CVE-2025-24071_PoC: CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File https://t.co/QENoRT3GC5
@akaclandestine
18 Mar 2025
2872 Impressions
15 Retweets
81 Likes
34 Bookmarks
0 Replies
1 Quote
CVE-2025-24071> Windows Explorer automatically initiates an SMB authentication request when a .library-ms file is extracted from a .rar archive, leading to NTLM hash disclosure. The user does not need to open or execute the file... https://t.co/d1myefHndw
@cyber_advising
18 Mar 2025
20854 Impressions
106 Retweets
346 Likes
193 Bookmarks
4 Replies
0 Quotes
🚨 CVE-2025-24071 Vulnerabilidad de suplantación en el Explorador de Archivos de Microsoft Windows. ⚠️Estado⚠️: Parcheada ✅ 🔗 Blog post: https://t.co/nsz1lmHRCz 🔗 PoC: https://t.co/LYKt2uQpOO #Ciberseguridad #Windows #Vulnerabilidad #CVE202524071
@Cyph3R_CyberSec
18 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - 0x6rss/CVE-2025-24071_PoC: CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File - https://t.co/7axtCRjLnD
@piedpiper1616
18 Mar 2025
7360 Impressions
63 Retweets
176 Likes
84 Bookmarks
0 Replies
0 Quotes
CVE-2025-24071: Microsoft Windows File Explorer Spoofing Vulnerability Check out the new security vulnerability I discovered in Windows, which I believe is potentially being sold in the wild. (fixed patch tuesday) Blog post: https://t.co/kFWnAZbsvR PoC: https://t.co/7n1nfU6HJv ht
@0x6rss
18 Mar 2025
18179 Impressions
101 Retweets
420 Likes
244 Bookmarks
0 Replies
2 Quotes
🚨 CVE-2025-24071 🔴 HIGH (7.5) 🏢 Microsoft - Windows 10 Version 1809 🏗️ 10.0.17763.0 🔗 https://t.co/wHKunzLEGr #CyberCron #VulnAlert #InfoSec https://t.co/qzhwz75gzT
@cybercronai
13 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24071 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. https://t.co/1M4l5DmgVf
@CVEnew
11 Mar 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77DC7D9D-F85F-41B4-A944-D27B388A1157",
"versionEndExcluding": "10.0.22631.5039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "37ACC628-E175-4240-8166-C45995518331",
"versionEndExcluding": "10.0.26100.3476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "71D7DCBF-A571-4A16-8F32-FE24150917C0",
"versionEndExcluding": "10.0.26100.3476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7610CDB-A02B-4C62-B17F-6DCE2B3DE4F0",
"versionEndExcluding": "10.0.14393.7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D271422D-A29F-4DBF-BF72-BCD90E393A5A",
"versionEndExcluding": "10.0.17763.7009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1426FF0-A402-4149-9F2B-0FA3CEB4BB5B",
"versionEndExcluding": "10.0.20348.3328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "96046A7B-76A1-4DCF-AEA5-25344D37E492",
"versionEndExcluding": "10.0.25398.1486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "DFE44B43-DB8C-46E0-8344-C22ED7406A50",
"versionEndExcluding": "10.0.26100.3476",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]