Cyber Resilience

CVE-2025-24993

HighCISA KEVActive ExploitationEUVD Exploited

Published: 11 March 2025

Published
11 March 2025
Modified
27 October 2025
KEV Added
11 March 2025
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0249 85.6th percentile
Risk Priority 37 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24993 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked in the top 14.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-24993 is a heap-based buffer overflow vulnerability, tracked under CWE-122, that affects the Windows NTFS file system component. The flaw carries a CVSS 3.1 base score of 7.8 and permits an attacker to execute arbitrary code on an affected system.

An unauthorized local attacker can exploit the issue by supplying a malicious file or disk image that triggers the overflow when processed by NTFS. Successful exploitation grants the attacker the ability to run code with the privileges of the affected process, resulting in full control over confidentiality, integrity, and availability on the target host.

Microsoft’s advisory at msrc.microsoft.com details the availability of security updates that address the vulnerability, while CISA has added CVE-2025-24993 to its Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation and requiring federal agencies to apply mitigations within prescribed timelines.

EPSS scores for the CVE rose from an initial low value to a recorded peak of 0.0344 before settling at the current 0.0249, indicating emerging exploitation interest after public disclosure.

EU & UK References

Vulnerability details

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

CWE(s)
KEV Date Added
11 March 2025

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

The vulnerability is a local heap buffer overflow in NTFS triggered by opening a malicious file, directly enabling user execution of arbitrary code without requiring privileges or remote access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24985Same product: Microsoft Windows 10 1507both on KEV
CVE-2025-21418Same product: Microsoft Windows 10 1607both on KEV
CVE-2025-21180Same product: Microsoft Windows 10 1507
CVE-2025-53131Same product: Microsoft Windows 10 1809
CVE-2025-21305Same product: Microsoft Windows 10 1507
CVE-2025-21250Same product: Microsoft Windows 10 1507
CVE-2025-21339Same product: Microsoft Windows 10 1507
CVE-2025-21407Same product: Microsoft Windows 10 1507
CVE-2025-21282Same product: Microsoft Windows 10 1507
CVE-2025-21368Same product: Microsoft Windows 10 1507

Affected Assets

microsoft
windows 10 1507
≤ 10.0.10240.20947 · ≤ 10.0.10240.20947
microsoft
windows 10 1607
≤ 10.0.14393.7876 · ≤ 10.0.14393.7876
microsoft
windows 10 1809
≤ 10.0.17763.7009 · ≤ 10.0.17763.7009
microsoft
windows 10 21h2
≤ 10.0.19044.5608 · ≤ 10.0.19044.5608 · ≤ 10.0.19044.5608
microsoft
windows 10 22h2
≤ 10.0.19045.5608 · ≤ 10.0.19045.5608 · ≤ 10.0.19045.5608
microsoft
windows 11 22h2
≤ 10.0.22621.5039 · ≤ 10.0.22621.5039
microsoft
windows 11 23h2
≤ 10.0.22631.5039 · ≤ 10.0.22631.5039
microsoft
windows 11 24h2
≤ 10.0.26100.3403 · ≤ 10.0.26100.3403
microsoft
windows server 2008
all versions, r2
microsoft
windows server 2012
all versions, r2
+5 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly eliminates the heap-based buffer overflow vulnerability in Windows NTFS by applying vendor-provided patches as referenced in Microsoft's update guide.

prevent

Implements memory safeguards such as ASLR and DEP to protect against unauthorized code execution resulting from the NTFS heap buffer overflow.

prevent

Validates file inputs processed by the NTFS file system to mitigate heap buffer overflows triggered by malformed files requiring user interaction.

References