IsItPatchedInstant security status for any software version
← All products

CVE-2025-24984

MEDIUM severity · CVSS 4.6 · CWE-532 · actively exploited (CISA KEV)
4.6CVSS MEDIUM ● exploited
🔴 Actively exploited in the wild (CISA Known Exploited Vulnerabilities). Added to KEV 2025-03-11. US federal agencies must patch by 2025-04-01.

Summary

Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

Impact & exploitability

Attack vectorPhysical
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactNone
Availability impactNone
Exploit probability (EPSS)4%

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products we track (2)

Windows Server 2022Windows Server 2025

Recommendation

This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.

Official patch: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984 ↗

Additional information

Last checked: Wed, 10 Jun 2026 22:18:30 UTC