CVE-2025-24993 - Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability

Microsoft | Windows

• Date Added:
• 2025-03-11

• Due Date:
• 2025-04-01

Vulnerability Name

Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability

Description

Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that could allow an authorized attacker to execute code locally.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24993 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24993

Latest Security News

Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks

North Korean Lazarus hackers infect hundreds via npm packages

Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks

Windows 10 KB5053606 update fixes broken SSH connections

Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws

Windows 11 KB5053598 & KB5053602 cumulative updates released

Microsoft replacing Remote Desktop app with Windows App in May

MassJacker malware uses 778,000 wallets to steal cryptocurrency

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumAbsence of Anti-CSRF Tokens

MediumMissing Anti-clickjacking Header

MediumContent Security Policy (CSP) Header Not Set

InformationalInformation Disclosure - Suspicious Comments

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

HighPII Disclosure

InformationalModern Web Application

Latest CVE List

CVE-2025-26633 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability

CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability

CVE-2025-24984 Microsoft Windows NTFS Information Disclosure Vulnerability

CVE-2025-24985 Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability

CVE-2025-24991 Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability

CVE-2025-24993 Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability

CVE-2025-25181 Advantive VeraCore SQL Injection Vulnerability

CVE-2024-57968 Advantive VeraCore Unrestricted File Upload Vulnerability

CVE-2024-13159 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

CVE-2024-13160 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

Top CWE List

CWE-693 Protection Mechanism Failure

CWE-1426 Improper Validation of Generative AI Output

HighCWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-1125 Excessive Attack Surface

CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

CWE-1230 Exposure of Sensitive Information Through Metadata

CWE-1298 Hardware Logic Contains Race Conditions

CWE-1064 Invokable Control Element with Signature Containing an Excessive Number of Parameters

CWE-1101 Reliance on Runtime Component in Generated Code