CVE-2025-24993
Published: 11 March 2025
Summary
CVE-2025-24993 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked in the top 14.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-24993 is a heap-based buffer overflow vulnerability, tracked under CWE-122, that affects the Windows NTFS file system component. The flaw carries a CVSS 3.1 base score of 7.8 and permits an attacker to execute arbitrary code on an affected system.
An unauthorized local attacker can exploit the issue by supplying a malicious file or disk image that triggers the overflow when processed by NTFS. Successful exploitation grants the attacker the ability to run code with the privileges of the affected process, resulting in full control over confidentiality, integrity, and availability on the target host.
Microsoft's advisory at msrc.microsoft.com describes the security updates that address the vulnerability. CISA has added CVE-2025-24993 to its Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation and requiring federal agencies to apply mitigations within the prescribed timelines.
EPSS scores for the CVE rose from an initial low value to a recorded peak of 0.0344 before settling at the current 0.0249, indicating emerging exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6318
Vulnerability details
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
- CWE(s): CWE-122 (Heap-based Buffer Overflow)
- KEV Date Added: 11 March 2025
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a local heap buffer overflow in NTFS that is triggered when a user opens a malicious file. It enables arbitrary code execution without requiring elevated privileges or remote access, which maps directly to User Execution: Malicious File (T1204.002).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly eliminates the heap-based buffer overflow in Windows NTFS by applying the vendor-provided patches referenced in Microsoft's update guide.
- SI-16 (Memory Protection): implements memory safeguards such as ASLR and DEP to reduce the likelihood that the NTFS heap buffer overflow can be turned into reliable unauthorized code execution.
- SI-10 (Information Input Validation): validates file inputs processed by the NTFS file system to mitigate heap buffer overflows triggered by malformed files that a user is induced to open.