CVE-2025-24071

Microsoft Windows File Explorer Spoofing Vulnerability

CVSS 6.5 MEDIUMEPSS 25.1%CWE-200

Vexday Risk Score

38Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 6.5EPSS 25.1%KEV nãoPoC públicaPatch referenciado

Lifecycle

11 Mar 2025Published on NVD

16 Mar 2025Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Affected products

Microsoft · Windows 10 Version 1507 Microsoft · Windows 10 Version 1607 Microsoft · Windows 10 Version 1809 Microsoft · Windows 10 Version 21H2 Microsoft · Windows 10 Version 22H2 Microsoft · Windows 11 version 22H2 Microsoft · Windows 11 version 22H3 Microsoft · Windows 11 Version 23H2 Microsoft · Windows 11 Version 24H2 Microsoft · Windows Server 2012 R2 Microsoft · Windows Server 2012 R2 (Server Core installation)Microsoft · Windows Server 2016 Microsoft · Windows Server 2016 (Server Core installation)Microsoft · Windows Server 2019 Microsoft · Windows Server 2019 (Server Core installation)Microsoft · Windows Server 2022 Microsoft · Windows Server 2022, 23H2 Edition (Server Core installation)Microsoft · Windows Server 2025 Microsoft · Windows Server 2025 (Server Core installation)

public PoCs found — 24

githubgithub.com/0x6rss/CVE-2025-24071_PoC★ 403 githubgithub.com/ThemeHackers/CVE-2025-24071★ 33 githubgithub.com/Marcejr117/CVE-2025-24071_PoC★ 25 githubgithub.com/FOLKS-iwd/CVE-2025-24071-msfvenom★ 25 githubgithub.com/fsoc-ghost-0x/Fsociety-CVE-2025-24071-NTLM-Coercion★ 4 githubgithub.com/ex-cal1bur/SMB_CVE-2025-24071★ 3 githubgithub.com/TH-SecForge/CVE-2025-24071★ 3 githubgithub.com/LOOKY243/CVE-2025-24071-PoC★ 2 githubgithub.com/ctabango/CVE-2025-24071_PoCExtra★ 2 githubgithub.com/cesarbtakeda/Windows-Explorer-CVE-2025-24071★ 1 githubgithub.com/DeshanFer94/CVE-2025-24071-POC-NTLMHashDisclosure-★ 1 githubgithub.com/Abdelrahman0Sayed/CVE-2025-24071★ 1 githubgithub.com/rubbxalc/CVE-2025-24071★ 1 githubgithub.com/zbs54/Blackash-CVE-2025-24071★ 0 githubgithub.com/Royall-Researchers/CVE-2025-24071★ 0 githubgithub.com/ephunter/CVE-2025-24071-Exploit★ 0 githubgithub.com/AC8999/CVE-2025-24071★ 0 githubgithub.com/f4dee-backup/CVE-2025-24071★ 0 githubgithub.com/aleongx/CVE-2025-24071★ 0 githubgithub.com/pswalia2u/CVE-2025-24071_POC★ 0 githubgithub.com/hyperchk/CVE-2025-24071-POC★ 0 githubgithub.com/Fomovet/cve-2025-24071★ 0 exploitdbwww.exploit-db.com/exploits/52310unverified exploitdbwww.exploit-db.com/exploits/52325unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24071 https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-detection-scrip https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-mitigation-script