CVE-2025-24993 : Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to ex

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

Published 2025-03-11 16:59:20

Updated 2025-03-13 14:21:59

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2025-24993

Microsoft » Windows Server 2008
Versions from including (>=) 6.1.7601.0 and before (<) 6.1.7601.27618
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008
Versions from including (>=) 6.0.6003.0 and before (<) 6.0.6003.23168
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008
Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008
Versions from including (>=) 10.0.20348.0 and before (<) 10.0.20348.3328
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008
Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008
Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2 For X64
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2 For X86
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1 For X64
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Matching versions
Microsoft » Windows Server 2012
Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012
Versions from including (>=) 6.3.9600.0 and before (<) 6.3.9600.22470
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012
Versions from including (>=) 6.2.9200.0 and before (<) 6.2.9200.25368
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012
Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012
Versions from including (>=) 10.0.20348.0 and before (<) 10.0.20348.3328
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012
Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10
Versions from including (>=) 10.0.17763.0 and before (<) 10.0.17763.7009
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10
Versions from including (>=) 10.0.10240.0 and before (<) 10.0.10240.20947
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10
Versions from including (>=) 10.0.19045.0 and before (<) 10.0.19045.5608
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10
Versions from including (>=) 10.0.19043.0 and before (<) 10.0.19044.5608
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10
Versions from including (>=) 10.0.14393.0 and before (<) 10.0.14393.7876
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
Versions from including (>=) 10.0.14393.0 and before (<) 10.0.14393.7876
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
Versions from including (>=) 10.0.20348.0 and before (<) 10.0.20348.3328
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019
Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019
Versions from including (>=) 10.0.20348.0 and before (<) 10.0.20348.3328
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019
Versions from including (>=) 10.0.17763.0 and before (<) 10.0.17763.7009
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019
Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019
Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022
Versions before (<) 10.0.20348.3270
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022
Versions from including (>=) 10.0.20348.0 and before (<) 10.0.20348.3328
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2004
Versions from including (>=) 10.0.20348.0 and before (<) 10.0.20348.3328
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2004
Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2004
Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2004
Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476
cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 22h2 » For X64
Versions before (<) 10.0.22621.5039
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 11 22h2 » For Arm64
Versions before (<) 10.0.22621.5039
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 1607 » For X64
Versions before (<) 10.0.14393.7876
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 1607 » For X86
Versions before (<) 10.0.14393.7876
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 21h1
Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039
cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 21h1
Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039
cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 21h1
Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476
cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 1809 » For X64
Versions before (<) 10.0.17763.7009
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 1809 » For X86
Versions before (<) 10.0.17763.7009
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 21h2 » For X86
Versions before (<) 10.0.19044.5608
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 21h2 » For X64
Versions before (<) 10.0.19044.5608
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 21h2 » For Arm64
Versions before (<) 10.0.19044.5608
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 20h2
Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039
cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 20h2
Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476
cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 20h2
Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039
cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 20h2
Versions from including (>=) 10.0.20348.0 and before (<) 10.0.20348.3328
cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 22h2 » For Arm64
Versions before (<) 10.0.19045.5608
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 22h2 » For X86
Versions before (<) 10.0.19045.5608
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 22h2 » For X64
Versions before (<) 10.0.19045.5608
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 1507 » For X86
Versions before (<) 10.0.10240.20947
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 1507 » For X64
Versions before (<) 10.0.10240.20947
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 2004
Versions from including (>=) 10.0.20348.0 and before (<) 10.0.20348.3328
cpe:2.3:o:microsoft:windows_10_2004:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 2004
Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476
cpe:2.3:o:microsoft:windows_10_2004:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 20h2
Versions from including (>=) 10.0.22631.0 and before (<) 10.0.22631.5039
cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 20h2
Versions from including (>=) 10.0.20348.0 and before (<) 10.0.20348.3328
cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 20h2
Versions from including (>=) 10.0.26100.0 and before (<) 10.0.26100.3476
cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 20h2
Versions from including (>=) 10.0.22621.0 and before (<) 10.0.22621.5039
cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 23h2 » For X64
Versions before (<) 10.0.22631.5039
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 11 23h2 » For Arm64
Versions before (<) 10.0.22631.5039
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows Server 2022 23h2 » For X64
Versions before (<) 10.0.25398.1486
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 11 24h2 » For X64
Versions before (<) 10.0.26100.3403
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 11 24h2 » For Arm64
Versions before (<) 10.0.26100.3403
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows Server 2025 » For X64
Versions before (<) 10.0.26100.3403
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*
Matching versions

CVE-2025-24993 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability

CISA required action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA description:

Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally.

Notes:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24993 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24993

Added on 2025-03-11 Action due date 2025-04-01

Exploit prediction scoring system (EPSS) score for CVE-2025-24993

EPSS FAQ

4.55%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2025-24993

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/...	N/A	N/A	Microsoft Corporation	2025-03-11
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	Microsoft Corporation	2025-03-11
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/...	N/A	N/A	MS-CVE-2025-24993	2025-03-11
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2025-24993

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Assigned by: secure@microsoft.com (Primary)

References for CVE-2025-24993

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24993

CVE-2025-24993 - Security Update Guide - Microsoft - Windows NTFS Remote Code Execution Vulnerability
Vendor Advisory