CVE-2025-24071

6.5

Medium

Published:11 Mar 2025

Last updated:17 Jun 2026

Source:secure@microsoft.com

Analyzed

Weakness (CWE)

CWE-200Exposure of Sensitive Information

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

View on MITRE Find PoC on GitHub

Description

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

References

secure@microsoft.com

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24071

af854a3a-2127-422b-91ae-364da2661108

https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-detection-scrip

af854a3a-2127-422b-91ae-364da2661108

https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-mitigation-script

Return to CVE list

CVE-2025-24071

6.5

Medium

Published:11 Mar 2025

Last updated:17 Jun 2026

Source:secure@microsoft.com

Analyzed

Weakness (CWE)

CWE-200Exposure of Sensitive Information

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

View on MITRE Find PoC on GitHub

Description

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

References

secure@microsoft.com

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24071

af854a3a-2127-422b-91ae-364da2661108

https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-detection-scrip

af854a3a-2127-422b-91ae-364da2661108

https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-mitigation-script