CVE-2025-24054NVD

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

Severity Level

MEDIUM(6.5)

Published Date

Mar 11, 2025

Last Modified

May 29, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone