Security News > 2025 > April > Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
2025-04-17 12:24
CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private institutions in Poland and Romania. “Active exploitation in the wild has been observed since March 19, 2025, potentially allowing attackers to leak NTLM hashes or user passwords and compromise systems,” Check Point researchers have shared. About CVE-2025-24054 CVE-2025-24054 allows attackers to capture the NTLMv2 response (i.e., the NTLMv2-SSP … More → The post Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) appeared first on Help Net Security.
News URL
Related news
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-11 | CVE-2025-24054 | Unspecified vulnerability in Microsoft products External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | 5.4 |