CVE-2025-50154
Published Aug 12, 2025
Last updated 3 days ago
AI description
CVE-2025-50154 is a vulnerability that bypasses a previous Microsoft security patch (CVE-2025-24054) and allows for the extraction of NTLM hashes without user interaction, even on fully patched systems. This is achieved by exploiting a gap in the original mitigation, enabling automatic NTLM authentication requests. The vulnerability involves manipulating Windows shortcut files (LNK) and how the explorer.exe process handles remote binary retrieval. Specifically, the bypass works because the initial patch didn't fully address how icons are rendered for remote binary files. Even though the patch prevented shortcuts from rendering icons based on UNC paths, it didn't account for remote binaries that store their own icon data. When Windows Explorer attempts to display a specially crafted shortcut, it retrieves the entire remote binary to extract the icon, triggering NTLM authentication in the process, without requiring any user clicks.
- Description
- Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- Source
- secure@microsoft.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- secure@microsoft.com
- CWE-200
- Hype score
- Not currently trending
๐ญ๐ฒ๐ฟ๐ผ ๐๐น๐ถ๐ฐ๐ธ, ๐ข๐ป๐ฒ ๐ก๐ง๐๐ : ๐ ๐ถ๐ฐ๐ฟ๐ผ๐๐ผ๐ณ๐ ๐ฆ๐ฒ๐ฐ๐๐ฟ๐ถ๐๐ ๐ฃ๐ฎ๐๐ฐ๐ต ๐๐๐ฝ๐ฎ๐๐ A newly discovered zero-click vulnerability, CVE-2025-50154, bypasses a Microsoft patch, allo
@0x534c
13 Aug 2025
28869 Impressions
66 Retweets
252 Likes
206 Bookmarks
1 Reply
1 Quote
Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154) https://t.co/SfjlNVimhm https://t.co/OhJRkFiVeh
@5mukx
13 Aug 2025
11140 Impressions
54 Retweets
267 Likes
128 Bookmarks
3 Replies
0 Quotes
CVE-2025-50154:Zero Click, One NTLM: Patch Bypass - https://t.co/gX2CwP09XP
@piedpiper1616
13 Aug 2025
1150 Impressions
5 Retweets
21 Likes
9 Bookmarks
1 Reply
0 Quotes
Find the POC for my new finding, CVE-2025-50154, a zero day vulnerability on windows file explorer disclosing NTLMv2-SSP without user interaction. It is a bypass for the CVE-2025-24054 Security Patch. https://t.co/JKA8zuyYnl
@RubenLabs
13 Aug 2025
1822 Impressions
17 Retweets
24 Likes
6 Bookmarks
1 Reply
0 Quotes
Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154) https://t.co/whuakYDRVC
@netbiosX
12 Aug 2025
3596 Impressions
16 Retweets
71 Likes
37 Bookmarks
1 Reply
0 Quotes
You didnโt click, but your password challenge is leaked. Iโm excited to share my latest research: CVE-2025-50154, a high severity NTLM hash disclosure vulnerability in the explorer.exe process, exploitable without any user interaction. https://t.co/ssA9YdBE6J
@RubenLabs
12 Aug 2025
4665 Impressions
19 Retweets
55 Likes
38 Bookmarks
0 Replies
4 Quotes
Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154) https://t.co/3jH4C9Tz17 https://t.co/d0lmBk0L2O
@secharvesterx
12 Aug 2025
69 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154) https://t.co/W5xWsbvEck
@_r_netsec
12 Aug 2025
1437 Impressions
2 Retweets
7 Likes
6 Bookmarks
0 Replies
0 Quotes
CVE-2025-50154 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. https://t.co/IIDkpy4gJL
@CVEnew
12 Aug 2025
231 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes