AI description
Automated description summarized from trusted sources.
CVE-2025-24996 is a vulnerability affecting Windows NTLM. It stems from external control of the file name or path, which could allow an unauthorized attacker to perform spoofing over a network. This means an attacker could potentially trick users into interacting with a malicious file or system, possibly leading to the theft of sensitive information or system compromise. The vulnerability affects multiple Windows operating systems, including Windows 10, Windows 11, and various Windows Server editions. Microsoft has released security updates to address this vulnerability.
- Description
- External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
- Source
- secure@microsoft.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- secure@microsoft.com
- CWE-73
- Hype score
- Not currently trending