
CISA Adds Medium-Severity Microsoft Windows Vulnerability to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a medium-severity security flaw affecting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, following reports of active exploitation in the wild. The vulnerability, identified as CVE-2025-24054 (CVSS score: 6.5), involves the disclosure of Windows NTLM (New Technology LAN Manager) hashes. The flaw allows attackers to steal NTLM credentials during file downloads.