CVE-2025-24061
Published: 11 March 2025
Summary
CVE-2025-24061 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability in Microsoft Windows 10 1607. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Mark-of-the-Web Bypass (T1553.005); ranked at the 43.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the MOTW protection mechanism failure by requiring timely application of vendor patches for this specific vulnerability.
Deploys malicious code protection mechanisms that scan and block execution of malware even if MOTW is bypassed locally.
Restricts user-installed or unauthorized software execution, limiting the impact of MOTW bypass by preventing unapproved code from running.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a direct bypass of the Windows Mark of the Web (MOTW) protection mechanism, enabling execution of otherwise blocked malicious content; this maps precisely to T1553.005 Mark-of-the-Web Bypass.
NVD Description
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.
Deeper analysisAI
CVE-2025-24061 is a protection mechanism failure in the Windows Mark of the Web (MOTW) feature, enabling an unauthorized attacker to bypass a security feature locally. This vulnerability affects Windows systems and is classified under CWE-693. It received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impacts despite requiring local access and user interaction.
An unauthorized attacker with local access to a vulnerable Windows system can exploit this issue with low attack complexity and no required privileges, though user interaction is necessary. Successful exploitation allows the attacker to bypass MOTW protections, potentially leading to high confidentiality, integrity, and availability impacts, such as executing malicious content that would otherwise be blocked.
Microsoft's update guide provides details on mitigations and patches for this vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24061. Security practitioners should consult this advisory for specific remediation steps.
Details
- CWE(s)