CVE-2025-24985 : Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

Published 2025-03-11 16:59:19

Updated 2025-03-14 20:35:43

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2025-24985

Microsoft » Windows Server 2008 » Version: N/A Update SP2 For X64
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2 For X86
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1 For X64
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Matching versions
Microsoft » Windows Server 2012
Versions from including (>=) 6.2.9200.0 and before (<) 6.2.9200.25368
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
Versions before (<) 10.0.14393.7876
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
Versions from including (>=) 10.0.14393.0 and before (<) 10.0.14393.7876
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019
Versions before (<) 10.0.17763.7009
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019
Versions from including (>=) 10.0.17763.0 and before (<) 10.0.17763.7009
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022
Versions from including (>=) 10.0.20348.0 and before (<) 10.0.20348.3328
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022
Versions before (<) 10.0.20348.3328
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 22h2
Versions before (<) 10.0.22621.5039
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 1607 » For X86
Versions before (<) 10.0.14393.7876
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 1607 » For X64
Versions before (<) 10.0.14393.7876
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 1809 » For X64
Versions before (<) 10.0.17763.7009
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 1809 » For X86
Versions before (<) 10.0.17763.7009
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 21h2
Versions before (<) 10.0.19044.5608
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 22h2
Versions before (<) 10.0.19045.5608
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 1507 » For X64
Versions before (<) 10.0.10240.20947
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 1507 » For X86
Versions before (<) 10.0.10240.20947
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 11 23h2
Versions before (<) 10.0.22631.5039
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022 23h2 » For X64
Versions before (<) 10.0.25398.1486
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 11 24h2
Versions before (<) 10.0.26100.3476
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2025 » For X64
Versions before (<) 10.0.26100.3476
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*
Matching versions

CVE-2025-24985 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability

CISA required action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA description:

Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally.

Notes:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24985 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24985

Added on 2025-03-11 Action due date 2025-04-01

Exploit prediction scoring system (EPSS) score for CVE-2025-24985

EPSS FAQ

2.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 83 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2025-24985

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/...	N/A	N/A	Microsoft Corporation	2025-03-11
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	Microsoft Corporation	2025-03-11
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/...	N/A	N/A	MS-CVE-2025-24985	2025-03-11
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2025-24985

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Assigned by: secure@microsoft.com (Primary)
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Assigned by:
- nvd@nist.gov (Primary)
- secure@microsoft.com (Primary)

References for CVE-2025-24985

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24985

CVE-2025-24985 - Security Update Guide - Microsoft - Windows Fast FAT File System Driver Remote Code Execution Vulnerability
Patch;Vendor Advisory