CVE-2025-24996

Summary

CVE-2025-24996 is a newly disclosed vulnerability affecting Windows NTLM. Hackers can exploit this external control of file name or path vulnerability to carry out file spoofing attacks over a network. This means an unauthorized attacker can trick users into believing they are interacting with a legitimate file or system, potentially leading to theft of sensitive information or system compromise. The precise impact of this vulnerability depends on the specific context of the targeted environment, but it presents a significant risk for organizations that rely on NTLM authentication. Microsoft has not yet released a patch to address this issue, leaving affected systems open to potential attacks. Organizations are urged to implement workarounds or upgrade to more secure authentication methods to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.