CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

Summary: CISA has added a medium-severity vulnerability in Microsoft Windows (CVE-2025-24054) to its Known Exploited Vulnerabilities catalog due to active exploitation. This NTLM hash disclosure spoofing vulnerability allows attackers to extract sensitive authentication data with minimal user interaction. Microsoft has recommended immediate patching to mitigate risks associated with this flaw.

Affected: Microsoft Windows

Key points:

  • CVE-2025-24054 has a CVSS score of 6.5 and lets an unauthorized attacker perform spoofing over a network.
  • The vulnerability can be triggered by minimal user interaction with a specially crafted file.
  • Active exploitation of the vulnerability has been observed in multiple campaigns targeting institutions in Poland and Romania.
  • Immediate patch application is crucial to protect against potential exploits and lateral movement attacks.

Source: https://thehackernews.com/2025/04/cve-2025-24054-under-active.html