CVE-2025-24985
Published Mar 11, 2025
Last updated 2 months ago
AI description
CVE-2025-24985 is a remote code execution vulnerability in the Windows Fast FAT File System Driver. An attacker could exploit this vulnerability by convincing a target to mount a specially crafted virtual hard disk (VHD). Successful exploitation allows the attacker to execute arbitrary code on the system. This vulnerability affects Windows 10, Windows Server 2019, Windows Server 2022, and likely other versions of Windows. It was reported to Microsoft and patched in March 2025. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities Catalog as it has evidence of active exploitation. This vulnerability is caused by an integer overflow or wraparound within the Fast FAT Driver. Exploiting this vulnerability requires local access and user interaction. While technical details are not widely available, it's known that an exploit exists. Microsoft has released patches to address this vulnerability, and users are strongly encouraged to apply these patches as soon as possible.
- Description
- Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
- Exploit added on
- Mar 11, 2025
- Exploit action due
- Apr 1, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
Transient Kernel Memory Pool Corruption Transient kernel memory pool corruption exploits speculative execution to overwrite kernel memory pool metadata, enabling privilege escalation. Inspired by vulnerabilities like CVE-2025-24985 in the Windows Fast FAT driver (), this https
@datareaperai
3 Aug 2025
275 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
⚠️ Weekly vuln radar. https://t.co/Cd6L8AD6Bt – spot what’s trending before it’s everywhere: CVE-2025-29824 CVE-2025-6543 CVE-2025-20337 CVE-2025-6558 (via @_clem1) CVE-2025-49144 CVE-2025-24985 CVE-2025-20274 CVE-2025-23266 (via @nirohfeld @shirtamari) CVE-2021-41773
@ptdbugs
18 Jul 2025
129 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[Research] CVE-2025-24985: Windows Fast FAT Driver RCE Vulnerability https://t.co/N0ttHnqTe1 The vulnerability was caused by the ability to control five variables within the VHD file that determine the number of clusters. https://t.co/UxI7Vsvob9
@hackyboiz
17 Jul 2025
4030 Impressions
27 Retweets
84 Likes
32 Bookmarks
1 Reply
1 Quote
We'll be publishing an analysis of the CVE-2025-24985 Windows Fast FAT Driver RCE Vulnerability that MS patched in March, along with a BSOD PoC tomorrow. https://t.co/Svx8FaCwVY
@hackyboiz
16 Jul 2025
3812 Impressions
18 Retweets
55 Likes
16 Bookmarks
0 Replies
0 Quotes
We added the following vulnerabilities to our feed: - UNDISCLOSED: Microsoft Management Console - CVE-2025-24054: Windows File Explorer NTLM Leak - CVE-2025-24985: Windows FAT DoS - CVE-2023-36205: Zemana AntiMalware LPE - CVE-2021-21551: Dell Driver LPE https://t.co/iKW6swSCtZ
@crowdfense
24 Apr 2025
2079 Impressions
6 Retweets
14 Likes
8 Bookmarks
0 Replies
0 Quotes
この内 CVE-2025-24983、CVE-2025-24984、CVE-2025-24985、CVE-2025-24991、CVE-2025-24993、CVE-2025-26633 の脆弱性について、Microsoft 社では悪用の事実を確認済みと公表しており、今後被害が拡大するおそれがあるため、至急、更新プログラムを適用してください。
@quickshield_jp
7 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24985
@transilienceai
5 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24985
@transilienceai
4 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24985
@transilienceai
3 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24985
@transilienceai
2 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24985
@transilienceai
2 Apr 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24985
@transilienceai
2 Apr 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24985
@transilienceai
23 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24985
@transilienceai
21 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24985
@transilienceai
21 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24985
@transilienceai
19 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🔥 Microsoft warns: 6 zero-days under active attack! This month’s Patch Tuesday fixes 57 security flaws, including 6 exploited zero-days that attackers are already using for privilege escalation, data theft, and remote code execution. 🔹 Key threats: CVE-2025-24985 &… https
@achi_tech
15 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We released a demo video for the CVE-2025-24985 Windows Fast FAT File System Driver RCE Vulnerability, patched by Microsoft in March 2025. Watch the video and subscribe to our private vulnerability PoC and detailed report service. https://t.co/lVH1gwsNls
@_patchpoint_
13 Mar 2025
3958 Impressions
12 Retweets
35 Likes
16 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-24985 🔴 HIGH (7.8) 🏢 Microsoft - Windows 10 Version 1809 🏗️ 10.0.17763.0 🔗 https://t.co/LQh9rbl2z8 #CyberCron #VulnAlert #InfoSec https://t.co/HBcbn6LBwG
@cybercronai
12 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Patches 57 Bugs, 6 Zero-Days Under Active Attack Microsoft’s latest update fixes six exploited zero-days, including critical kernel vulnerabilities (CVE-2025-24985). Attackers are actively targeting NTFS, Fast FAT, and Windows Remote Desktop Services for privilege… htt
@dCypherIO
12 Mar 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Urgent Cybersecurity Alert: #Microsoft #Windows Fast FAT Vulnerability #CVE-2025-24985 https://t.co/F5kvZR4xOc
@UndercodeNews
12 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔎 March’s Microsoft Patch Tuesday: 6 Zero-Days Under Active Attack Microsoft patched 6 zero-days (already exploited!) + 51 other flaws. Critical risks: 🔻 NTFS flaws (CVE-2025-24993, etc.) – Arbitrary code execution via malicious VHDs. 🔻 Windows Fast FAT (CVE-2025-24985) –… ht
@Action1corp
12 Mar 2025
61 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 Microsoft warns: 6 zero-days under active attack! 🔹 Key threats: CVE-2025-24985 & CVE-2025-24993 – File system flaws allowing remote code execution CVE-2025-24983 – A Win32k zero-day used in the wild with PipeMagic malware CVE-2025-26633 – Security bypass flaw in Microso
@dysafhackx
12 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 Microsoft warns: 6 zero-days under active attack! This month’s Patch Tuesday fixes 57 security flaws, including 6 exploited zero-days that attackers are already using for privilege escalation, data theft, and remote code execution. 🔹 Key threats: CVE-2025-24985 &… https
@TheHackersNews
12 Mar 2025
17577 Impressions
94 Retweets
191 Likes
32 Bookmarks
5 Replies
7 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "67C8DCD7-90C4-431F-BD03-FDFDE170E748",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "05169574-28AB-4E42-B3DE-710574BB1AD3",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83256070-991F-404C-AE4C-CBB46166CA67",
"versionEndExcluding": "10.0.19044.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A1F779E2-8536-4B06-A151-6115C9D88D29",
"versionEndExcluding": "10.0.19045.5608"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0B27CE48-66A0-488B-A7B6-18A5A191AFDA",
"versionEndExcluding": "10.0.22621.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77DC7D9D-F85F-41B4-A944-D27B388A1157",
"versionEndExcluding": "10.0.22631.5039"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "749B3071-291A-456E-90D5-4B0061B40064",
"versionEndExcluding": "10.0.26100.3476"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7610CDB-A02B-4C62-B17F-6DCE2B3DE4F0",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D271422D-A29F-4DBF-BF72-BCD90E393A5A",
"versionEndExcluding": "10.0.17763.7009"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1426FF0-A402-4149-9F2B-0FA3CEB4BB5B",
"versionEndExcluding": "10.0.20348.3328"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "96046A7B-76A1-4DCF-AEA5-25344D37E492",
"versionEndExcluding": "10.0.25398.1486"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "DFE44B43-DB8C-46E0-8344-C22ED7406A50",
"versionEndExcluding": "10.0.26100.3476"
}
],
"operator": "OR"
}
]
}
]