Security News > 2025 > April > CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download
2025-04-18 04:29
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure
News URL
https://thehackernews.com/2025/04/cve-2025-24054-under-active.html
Related news
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- How New AI Agents Will Transform Credential Stuffing Attacks (source)
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials (source)
- Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks (source)
- Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) (source)
- Australian pension funds hit by wave of credential stuffing attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-11 | CVE-2025-24054 | External Control of File Name or Path vulnerability in Microsoft products External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | 5.4 |