CVE-2025-50154

Published Aug 12, 2025

Last updated 6 months ago

CVSS medium 6.5
Microsoft
Windows File Explorer

Overview

Description
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

secure@microsoft.com
CWE-200

Social media

Hype score
Not currently trending

  1. Browsing a folder shouldn't leak your credentials, but a new Windows Explorer flaw does exactly that. OPSWAT Cybersecurity Fellowship participants break down CVE-2025-50154 and how to protect yourself. Dig into the analysis. https://t.co/kIxvYYEjOJ https://t.co/J6x5yP0XNb

    @OPSWAT

    12 Feb 2026

    92 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154)  https://t.co/NNkCef1mqO

    @johntroony

    10 Jan 2026

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. The easiest way to exploit 0-Click vulnerability CVE-2025-50154 Just create an LNK file https://t.co/71pbn2de4r

    @Jane_0sint

    15 Nov 2025

    174 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. The easiest way to exploit vulnerability CVE-2025-50154 Just create an LNK file https://t.co/Erh8ZqJ9uP

    @Jane_0sint

    15 Nov 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. ¿Habéis visto el vídeo que he subido a las 19:00? Trata de cómo Windows, sin si quiera saberlo, compartía tus credenciales con los atacantes mediante el explorador de archivos. Exactamente trata de los CVE-2025-24071 y CVE-2025-50154. ¡Vulnerabilidades de este año!🆕

    @ShadowRooted

    8 Nov 2025

    3 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  6. The following vulnerabilities have been added to our feed: - CVE-2025-33053: Microsoft Windows Internet Shortcut Files RCE - CVE-2025-25257: Fortinet FortiWeb RCE - CVE-2025-50154: Microsoft Windows File Explorer NTLM Leak https://t.co/av7UZS4l6H

    @crowdfense

    16 Oct 2025

    2191 Impressions

    3 Retweets

    23 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-50154 Microsoft Windows File Explorer Spoofing Vulnerability https://t.co/wnzgsR0oHx #SecQube #cybersecurity

    @SecQube

    18 Sept 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. POC for CVE-2025-50154, a zero day vulnerability on windows file explorer disclosing NTLMv2-SSP without user interaction. It is a bypass for the CVE-2025-24054 Security Patch

    @Jeyso215

    8 Sept 2025

    120 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Beware the Cursed Shortcut (CVE-2025-50154) — a zero-click vulnerability in File Explorer that steals NTLM hashes at a mere glance. Patch now or risk letting the killer rabbit slip through your gates. https://t.co/mjtJ0M6O8M

    @vicariusltd

    20 Aug 2025

    35 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154)  By: Ruben Enkaoua https://t.co/J3yxOUiPGu https://t.co/mnqz39hviv

    @7h3h4ckv157

    19 Aug 2025

    3681 Impressions

    18 Retweets

    84 Likes

    35 Bookmarks

    1 Reply

    0 Quotes

  11. 𝗭𝗲𝗿𝗼 𝗖𝗹𝗶𝗰𝗸, 𝗢𝗻𝗲 𝗡𝗧𝗟𝗠: 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗣𝗮𝘁𝗰𝗵 𝗕𝘆𝗽𝗮𝘀𝘀 A newly discovered zero-click vulnerability, CVE-2025-50154, bypasses a Microsoft patch, allo

    @0x534c

    13 Aug 2025

    28869 Impressions

    66 Retweets

    252 Likes

    206 Bookmarks

    1 Reply

    1 Quote

  12. Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154) https://t.co/SfjlNVimhm https://t.co/OhJRkFiVeh

    @5mukx

    13 Aug 2025

    11140 Impressions

    54 Retweets

    267 Likes

    128 Bookmarks

    3 Replies

    0 Quotes

  13. CVE-2025-50154:Zero Click, One NTLM: Patch Bypass - https://t.co/gX2CwP09XP

    @piedpiper1616

    13 Aug 2025

    1150 Impressions

    5 Retweets

    21 Likes

    9 Bookmarks

    1 Reply

    0 Quotes

  14. Find the POC for my new finding, CVE-2025-50154, a zero day vulnerability on windows file explorer disclosing NTLMv2-SSP without user interaction. It is a bypass for the CVE-2025-24054 Security Patch. https://t.co/JKA8zuyYnl

    @RubenLabs

    13 Aug 2025

    1822 Impressions

    17 Retweets

    24 Likes

    6 Bookmarks

    1 Reply

    0 Quotes

  15. Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154) https://t.co/whuakYDRVC

    @ipurple

    12 Aug 2025

    3596 Impressions

    16 Retweets

    71 Likes

    37 Bookmarks

    1 Reply

    0 Quotes

  16. You didn’t click, but your password challenge is leaked. I’m excited to share my latest research: CVE-2025-50154, a high severity NTLM hash disclosure vulnerability in the explorer.exe process, exploitable without any user interaction. https://t.co/ssA9YdBE6J

    @RubenLabs

    12 Aug 2025

    4665 Impressions

    19 Retweets

    55 Likes

    38 Bookmarks

    0 Replies

    4 Quotes

  17. Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154) https://t.co/3jH4C9Tz17 https://t.co/d0lmBk0L2O

    @secharvesterx

    12 Aug 2025

    69 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154) https://t.co/W5xWsbvEck

    @_r_netsec

    12 Aug 2025

    1437 Impressions

    2 Retweets

    7 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-50154 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. https://t.co/IIDkpy4gJL

    @CVEnew

    12 Aug 2025

    231 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.CVE-2026-26111
  2. Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.CVE-2026-25190
  3. Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.CVE-2026-25189
  4. Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.CVE-2026-25188
  5. Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.CVE-2026-25187

References

Sources include official advisories and independent security research.