CVE-2025-24071

MediumPublic PoC

Published: 11 March 2025

Published

11 March 2025

Modified

03 July 2025

KEV Added

—

Patch

—

CVSS Score 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Score 0.7352 98.8th percentile

Risk Priority 57 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24071 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked in the top 1.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AU-13 (Monitoring for Information Disclosure) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the vulnerability by requiring timely application of Microsoft patches to Windows File Explorer as specified in the MSRC update guide.

AU-13 Monitoring for Information Disclosure good match

detect

Monitors systems specifically for unauthorized disclosure of sensitive information, which is the primary exploitation vector in this CVE.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Scans for and identifies vulnerabilities like CVE-2025-24071 in Windows File Explorer to enable proactive remediation.

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access

Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

attack.mitre.org →

Why these techniques?

The vulnerability in Windows File Explorer exposes sensitive information enabling spoofing attacks over the network, directly facilitating Adversary-in-the-Middle (T1557) by allowing an attacker to leverage the disclosed data for positioning in network communications.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

Deeper analysisAI

CVE-2025-24071, published on 2025-03-11, is a vulnerability in Microsoft Windows File Explorer that exposes sensitive information to an unauthorized actor, enabling spoofing attacks over a network. Classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), it carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact.

An unauthorized attacker can exploit this vulnerability remotely over the network using low-complexity techniques that require no privileges, though user interaction is necessary. Exploitation allows the attacker to access sensitive information, supporting spoofing without impacting integrity or availability.

Microsoft's Security Response Center (MSRC) provides an update guide for mitigation at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24071. Vicarius has published related resources, including a detection script at https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-detection-scrip and a mitigation script at https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-mitigation-script.

Details

CWE(s): CWE-200

Affected Products

microsoft

windows 10 1507

≤ 10.0.10240.20947 · ≤ 10.0.10240.20947

microsoft

windows 10 1607

≤ 10.0.14393.7876 · ≤ 10.0.14393.7876

microsoft

windows 10 1809

≤ 10.0.17763.7009 · ≤ 10.0.17763.7009

microsoft

windows 11 23h2

≤ 10.0.22631.5039

microsoft

windows 11 24h2

≤ 10.0.26100.3476 · ≤ 10.0.26100.3476

microsoft

windows server 2012

microsoft

windows server 2016

≤ 10.0.14393.7876

microsoft

windows server 2019

≤ 10.0.17763.7009

microsoft

windows server 2022

≤ 10.0.20348.3328

microsoft

windows server 2022 23h2

≤ 10.0.25398.1486

+1 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2026-20805Same product: Microsoft Windows 10 1607

CVE-2025-24054Same product: Microsoft Windows 10 1507

CVE-2025-24984Same product: Microsoft Windows 10 1507

CVE-2025-21378Same product: Microsoft Windows 10 1507

CVE-2025-21420Same product: Microsoft Windows 10 1507

CVE-2025-24044Same product: Microsoft Windows 10 1507

CVE-2025-21293Same product: Microsoft Windows 10 1507

CVE-2025-21281Same product: Microsoft Windows 10 1507

CVE-2025-49687Same product: Microsoft Windows 10 1507

CVE-2026-21260Same vendor: Microsoft

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24071
Vendor Advisory · secure@microsoft.com
https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-detection-scrip
Exploit, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108
https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-mitigation-script
Mitigation, Third Party Advisory · af854a3a-2127-422b-91ae-364da2661108