CVE-2025-24984

EUVD-2025-6322
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
microsoftCNA
4.6 MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1507
𝑥
< 10.0.10240.20947
microsoftwindows_10_1507
𝑥
< 10.0.10240.20947
microsoftwindows_10_1607
𝑥
< 10.0.14393.7876
microsoftwindows_10_1607
𝑥
< 10.0.14393.7876
microsoftwindows_10_1809
𝑥
< 10.0.17763.7009
microsoftwindows_10_1809
𝑥
< 10.0.17763.7009
microsoftwindows_10_21h2
𝑥
< 10.0.19044.5608
microsoftwindows_10_22h2
𝑥
< 10.0.19045.5608
microsoftwindows_11_22h2
𝑥
< 10.0.22621.5039
microsoftwindows_11_23h2
𝑥
< 10.0.22631.5039
microsoftwindows_11_24h2
𝑥
< 10.0.26100.3403
microsoftwindows_server_2012
-
microsoftwindows_server_2016
𝑥
< 10.0.14393.7876
microsoftwindows_server_2019
𝑥
< 10.0.17763.7009
microsoftwindows_server_2022
𝑥
< 10.0.20348.3270
microsoftwindows_server_2022_23h2
𝑥
< 10.0.25398.1486
microsoftwindows_server_2025
𝑥
< 10.0.26100.3403
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5053618
1607 (x64, x86)
KB5053594
1809 (x64, x86)
KB5053596
21H2 (arm64, x64, x86)
KB5053606
22H2 (arm64, x64, x86)
KB5053606
Windows 11
22H2 (arm64, x64)
KB5053602
23H2 (arm64, x64)
KB5053602
24H2 (arm64, x64)
KB5053598
Windows Server 2012
Server Core
KB5053886
Standard
KB5053886
Windows Server 2012 R2
Server Core
KB5053887
Standard
KB5053887
Windows Server 2016
Server Core
KB5053594
Standard
KB5053594
Windows Server 2019
Server Core
KB5053596
Standard
KB5053596
Windows Server 2022
23H2 Server Core
KB5053599
Server Core
KB5053603
Standard
KB5053603
Windows Server 2025
Server Core
KB5053598
Standard
KB5053598
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24984