CISA Adds NTLM Vulnerability to KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) of the United States added a medium-severity vulnerability (CVSSv3: 6.5), identified as CVE-2025-24054, to its Known Exploited Vulnerabilities (KEV) Catalog last Thursday. This NTLM vulnerability is being exploited for hash theft in Windows systems.