CVE-2025-24993
Published: 11 March 2025
Summary
CVE-2025-24993 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked in the top 17.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly eliminates the heap-based buffer overflow vulnerability in Windows NTFS by applying vendor-provided patches as referenced in Microsoft's update guide.
Implements memory safeguards such as ASLR and DEP to protect against unauthorized code execution resulting from the NTFS heap buffer overflow.
Validates file inputs processed by the NTFS file system to mitigate heap buffer overflows triggered by malformed files requiring user interaction.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a local heap buffer overflow in NTFS triggered by opening a malicious file, directly enabling user execution of arbitrary code without requiring privileges or remote access.
NVD Description
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
Deeper analysisAI
CVE-2025-24993 is a heap-based buffer overflow vulnerability, classified under CWE-122, affecting the Windows NTFS file system component. Published on 2025-03-11T17:16:35.797, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The flaw enables an unauthorized attacker to execute arbitrary code locally on affected Windows systems.
Exploitation requires local access to the target machine with no special privileges, low attack complexity, and user interaction, such as opening a malicious file. A successful attack allows the attacker to achieve high-impact effects on confidentiality, integrity, and availability through local code execution, though it does not result in privilege escalation.
Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24993 provides details on patches and mitigations. The vulnerability appears in the CISA Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24993, signaling real-world exploitation.
Details
- CWE(s)
- KEV Date Added
- 11 March 2025