CVE-2025-24985

Published Mar 11, 2025

Last updated 3 months ago

Exploit known
CVSS high 7.8
Windows
Fast FAT Driver

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-24985 is a remote code execution vulnerability in the Windows Fast FAT File System Driver. An attacker could exploit this vulnerability by convincing a target to mount a specially crafted virtual hard disk (VHD). Successful exploitation allows the attacker to execute arbitrary code on the system. This vulnerability affects Windows 10, Windows Server 2019, Windows Server 2022, and likely other versions of Windows. It was reported to Microsoft and patched in March 2025. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities Catalog as it has evidence of active exploitation. This vulnerability is caused by an integer overflow or wraparound within the Fast FAT Driver. Exploiting this vulnerability requires local access and user interaction. While technical details are not widely available, it's known that an exploit exists. Microsoft has released patches to address this vulnerability, and users are strongly encouraged to apply these patches as soon as possible.

Description
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
Exploit added on
Mar 11, 2025
Exploit action due
Apr 1, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-122
nvd@nist.gov
CWE-190

Social media

Hype score
Not currently trending
  1. Transient Kernel Memory Pool Corruption Transient kernel memory pool corruption exploits speculative execution to overwrite kernel memory pool metadata, enabling privilege escalation. Inspired by vulnerabilities like CVE-2025-24985 in the Windows Fast FAT driver (), this https

    @datareaperai

    3 Aug 2025

    401 Impressions

    0 Retweets

    8 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️ Weekly vuln radar. https://t.co/Cd6L8AD6Bt – spot what’s trending before it’s everywhere: CVE-2025-29824 CVE-2025-6543 CVE-2025-20337 CVE-2025-6558 (via @_clem1) CVE-2025-49144 CVE-2025-24985 CVE-2025-20274 CVE-2025-23266 (via @nirohfeld @shirtamari) CVE-2021-41773

    @ptdbugs

    18 Jul 2025

    129 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [Research] CVE-2025-24985: Windows Fast FAT Driver RCE Vulnerability https://t.co/N0ttHnqTe1 The vulnerability was caused by the ability to control five variables within the VHD file that determine the number of clusters. https://t.co/UxI7Vsvob9

    @hackyboiz

    17 Jul 2025

    4030 Impressions

    27 Retweets

    84 Likes

    32 Bookmarks

    1 Reply

    1 Quote

  4. We'll be publishing an analysis of the CVE-2025-24985 Windows Fast FAT Driver RCE Vulnerability that MS patched in March, along with a BSOD PoC tomorrow. https://t.co/Svx8FaCwVY

    @hackyboiz

    16 Jul 2025

    3812 Impressions

    18 Retweets

    55 Likes

    16 Bookmarks

    0 Replies

    0 Quotes

  5. We added the following vulnerabilities to our feed: - UNDISCLOSED: Microsoft Management Console - CVE-2025-24054: Windows File Explorer NTLM Leak - CVE-2025-24985: Windows FAT DoS - CVE-2023-36205: Zemana AntiMalware LPE - CVE-2021-21551: Dell Driver LPE https://t.co/iKW6swSCtZ

    @crowdfense

    24 Apr 2025

    2079 Impressions

    6 Retweets

    14 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

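  6. Of these, Microsoft has announced that it has confirmed exploitation of the vulnerabilities CVE-2025-24983, CVE-2025-24984, CVE-2025-24985, CVE-2025-24991, CVE-2025-24993 and CVE-2025-26633, and because the damage may spread going forward, please apply the updates immediately.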

    @quickshield_jp

    7 Apr 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Actively exploited CVE : CVE-2025-24985

    @transilienceai

    5 Apr 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2025-24985

    @transilienceai

    4 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2025-24985

    @transilienceai

    3 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2025-24985

    @transilienceai

    2 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2025-24985

    @transilienceai

    2 Apr 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Actively exploited CVE : CVE-2025-24985

    @transilienceai

    2 Apr 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Actively exploited CVE : CVE-2025-24985

    @transilienceai

    23 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Actively exploited CVE : CVE-2025-24985

    @transilienceai

    21 Mar 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Actively exploited CVE : CVE-2025-24985

    @transilienceai

    21 Mar 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. Actively exploited CVE : CVE-2025-24985

    @transilienceai

    19 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. 🔥 Microsoft warns: 6 zero-days under active attack! This month’s Patch Tuesday fixes 57 security flaws, including 6 exploited zero-days that attackers are already using for privilege escalation, data theft, and remote code execution. 🔹 Key threats: CVE-2025-24985 &… https

    @achi_tech

    15 Mar 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. We released a demo video for the CVE-2025-24985 Windows Fast FAT File System Driver RCE Vulnerability, patched by Microsoft in March 2025. Watch the video and subscribe to our private vulnerability PoC and detailed report service. https://t.co/lVH1gwsNls

    @_patchpoint_

    13 Mar 2025

    3958 Impressions

    12 Retweets

    35 Likes

    16 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 CVE-2025-24985 🔴 HIGH (7.8) 🏢 Microsoft - Windows 10 Version 1809 🏗️ 10.0.17763.0 🔗 https://t.co/LQh9rbl2z8 #CyberCron #VulnAlert #InfoSec https://t.co/HBcbn6LBwG

    @cybercronai

    12 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Microsoft Patches 57 Bugs, 6 Zero-Days Under Active Attack Microsoft’s latest update fixes six exploited zero-days, including critical kernel vulnerabilities (CVE-2025-24985). Attackers are actively targeting NTFS, Fast FAT, and Windows Remote Desktop Services for privilege… htt

    @dCypherIO

    12 Mar 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨 Urgent Cybersecurity Alert: #Microsoft #Windows Fast FAT Vulnerability #CVE-2025-24985 https://t.co/F5kvZR4xOc

    @UndercodeNews

    12 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🔎 March’s Microsoft Patch Tuesday: 6 Zero-Days Under Active Attack Microsoft patched 6 zero-days (already exploited!) + 51 other flaws. Critical risks: 🔻 NTFS flaws (CVE-2025-24993, etc.) – Arbitrary code execution via malicious VHDs. 🔻 Windows Fast FAT (CVE-2025-24985) –… ht

    @Action1corp

    12 Mar 2025

    61 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🔥 Microsoft warns: 6 zero-days under active attack! 🔹 Key threats: CVE-2025-24985 & CVE-2025-24993 – File system flaws allowing remote code execution CVE-2025-24983 – A Win32k zero-day used in the wild with PipeMagic malware CVE-2025-26633 – Security bypass flaw in Microso

    @dysafhackx

    12 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🔥 Microsoft warns: 6 zero-days under active attack! This month’s Patch Tuesday fixes 57 security flaws, including 6 exploited zero-days that attackers are already using for privilege escalation, data theft, and remote code execution. 🔹 Key threats: CVE-2025-24985 &… https

    @TheHackersNews

    12 Mar 2025

    17577 Impressions

    94 Retweets

    191 Likes

    32 Bookmarks

    5 Replies

    7 Quotes

Configurations