Security News > 2025 > April > Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
2025-04-17 12:24

CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private institutions in Poland and Romania. “Active exploitation in the wild has been observed since March 19, 2025, potentially allowing attackers to leak NTLM hashes or user passwords and compromise systems,” Check Point researchers have shared. About CVE-2025-24054 CVE-2025-24054 allows attackers to capture the NTLMv2 response (i.e., the NTLMv2-SSP … More → The post Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2025/04/17/windows-ntlm-vulnerability-exploited-in-multiple-attack-campaigns-cve-2025-24054/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2025-03-11 CVE-2025-24054 External Control of File Name or Path vulnerability in Microsoft products
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
network
low complexity
microsoft CWE-73
5.4
5.4