CVE-2025-24985
Published: 11 March 2025
Summary
CVE-2025-24985 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 15.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-24985 is an integer overflow or wraparound vulnerability, tracked under CWE-122 and CWE-190, that affects the Windows Fast FAT Driver. The flaw carries a CVSS 3.1 base score of 7.8 and permits an attacker to execute arbitrary code on an affected system.
An unauthorized local attacker can trigger the issue without privileges by supplying specially crafted input that requires user interaction, resulting in full compromise of confidentiality, integrity, and availability on the target host.
Microsoft has published an advisory at msrc.microsoft.com detailing the vulnerability, while Vicarius has released accompanying detection and mitigation scripts; the CVE is also listed in the CISA Known Exploited Vulnerabilities catalog, indicating that organizations should apply vendor patches or implement the provided workarounds promptly.
EPSS scores remain low, with a current value of 0.0206 and a peak of 0.0238.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6321
Vulnerability details
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
- CWE(s)
- KEV Date Added
- 11 March 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Integer overflow in Windows Fast FAT driver enables arbitrary code execution in kernel context via malicious file or volume action (T1204.002), directly facilitating local privilege escalation to full system compromise with no initial privileges required (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the integer overflow vulnerability in the Windows Fast FAT Driver by requiring timely identification, reporting, and patching.
Detects systems vulnerable to CVE-2025-24985 through ongoing monitoring and scanning for known flaws in the Fast FAT Driver.
Mitigates arbitrary code execution from the driver's integer overflow via memory protections like DEP and ASLR.