CVE-2025-24996: 
vulnerability analysis and mitigation

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. This vulnerability (CVE-2025-24996) was disclosed on March 11, 2025, affecting multiple versions of Windows operating systems including Windows 10, Windows 11, and various Windows Server editions (NVD).

The vulnerability is classified with a CVSS v3.1 base score of 6.5 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability is categorized under CWE-73 (External Control of File Name or Path) (AttackerKB).

The vulnerability primarily affects confidentiality (rated as High) while having no direct impact on integrity or availability. When successfully exploited, it allows attackers to perform spoofing operations over a network, potentially leading to unauthorized access to sensitive information (NVD).

Microsoft has released security updates to address this vulnerability across multiple Windows versions. Updates are available through various KB articles including KB5053594, KB5053596, KB5053598, KB5053599, KB5053602, KB5053603, KB5053606, KB5053618, KB5053886, and KB5053887 (Rapid7).