CVE-2025-24054: Microsoft Windows NTLM Hash Disclosure Spoofing

Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability. Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.

• CISA KEV-listed (remediation due 2025-05-08)
• EPSS 8.0% (92.3% percentile)

Detection rules

• Suspicious Creation of .library-ms File — Potential CVE-2025-24054 Exploit medium

Browse the CVE database

Read the full analysis on IntelFusions