Cyber Resilience

CVE-2025-24985

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 11 March 2025

Published
11 March 2025
Modified
27 October 2025
KEV Added
11 March 2025
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0206 84.3th percentile
Risk Priority 37 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24985 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 15.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-24985 is an integer overflow or wraparound vulnerability, tracked under CWE-122 and CWE-190, that affects the Windows Fast FAT Driver. The flaw carries a CVSS 3.1 base score of 7.8 and permits an attacker to execute arbitrary code on an affected system.

An unauthorized local attacker can trigger the issue without privileges by supplying specially crafted input that requires user interaction, resulting in full compromise of confidentiality, integrity, and availability on the target host.

Microsoft has published an advisory at msrc.microsoft.com detailing the vulnerability, while Vicarius has released accompanying detection and mitigation scripts; the CVE is also listed in the CISA Known Exploited Vulnerabilities catalog, indicating that organizations should apply vendor patches or implement the provided workarounds promptly.

EPSS scores remain low, with a current value of 0.0206 and a peak of 0.0238.

EU & UK References

Vulnerability details

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

CWE(s)
KEV Date Added
11 March 2025

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Integer overflow in Windows Fast FAT driver enables arbitrary code execution in kernel context via malicious file or volume action (T1204.002), directly facilitating local privilege escalation to full system compromise with no initial privileges required (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24993Same product: Microsoft Windows 10 1507both on KEV
CVE-2025-21418Same product: Microsoft Windows 10 1607both on KEV
CVE-2025-21180Same product: Microsoft Windows 10 1507
CVE-2025-24990Same product: Microsoft Windows 10 1507both on KEV
CVE-2025-59230Same product: Microsoft Windows 10 1507both on KEV
CVE-2025-21391Same product: Microsoft Windows 10 1507both on KEV
CVE-2025-24054Same product: Microsoft Windows 10 1507both on KEV
CVE-2025-26633Same product: Microsoft Windows 10 1507both on KEV
CVE-2025-21369Same product: Microsoft Windows 10 1507
CVE-2026-21533Same product: Microsoft Windows 10 1607both on KEV

Affected Assets

microsoft
windows 10 1507
≤ 10.0.10240.20947 · ≤ 10.0.10240.20947
microsoft
windows 10 1607
≤ 10.0.14393.7876 · ≤ 10.0.14393.7876
microsoft
windows 10 1809
≤ 10.0.17763.7009 · ≤ 10.0.17763.7009
microsoft
windows 10 21h2
≤ 10.0.19044.5608
microsoft
windows 10 22h2
≤ 10.0.19045.5608
microsoft
windows 11 22h2
≤ 10.0.22621.5039
microsoft
windows 11 23h2
≤ 10.0.22631.5039
microsoft
windows 11 24h2
≤ 10.0.26100.3403
microsoft
windows server 2008
all versions, r2
microsoft
windows server 2012
all versions, r2
+5 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the integer overflow vulnerability in the Windows Fast FAT Driver by requiring timely identification, reporting, and patching.

detect

Detects systems vulnerable to CVE-2025-24985 through ongoing monitoring and scanning for known flaws in the Fast FAT Driver.

prevent

Mitigates arbitrary code execution from the driver's integer overflow via memory protections like DEP and ASLR.

References