The U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted organizations to active exploitation of a newly disclosed Microsoft Windows vulnerability tracked as CVE-2025-24054.
The flaw lies in Windows' NTLM authentication protocol and is classified as a spoofing vulnerability, giving unauthorized attackers a route into affected systems.
CVE-2025-24054, officially designated as a “Windows NTLM Hash Disclosure Spoofing Vulnerability,” is categorized under CWE-73: External Control of File Name or Path.
This vulnerability allows threat actors to externally control the file name or path used by Windows NTLM, potentially causing the inadvertent disclosure of hashed credentials over a network connection.
According to Microsoft’s advisory, an attacker—positioned on the same network as the victim—could exploit this vulnerability to perform credential spoofing.
By controlling the target’s file name or path, malicious actors may gain unauthorized access to sensitive systems or escalate privileges, all without the need for prior authorization.
CISA’s alert is significant: it indicates the vulnerability is not just theoretical, but is being actively exploited in the wild.
While there is currently no public evidence linking the flaw to existing ransomware campaigns, CISA notes that the attack vector is of particular concern because credential-based attacks play a central role in modern cybercrime.
“Active exploitation of this vulnerability poses a severe risk to both government and private sector organizations,” CISA wrote in its bulletin.
“Immediate action is required to prevent potential data breaches and lateral movement within affected networks.”
CISA urges organizations to follow Microsoft’s published mitigation guidance without delay. Recommended steps include:
The agency also recommends routine monitoring for unusual credential activity and implementing network segmentation to limit the impact of potential breaches.
Affected federal agencies and contractors have been given a due date of May 8, 2025, to confirm remediation of the vulnerability. Non-compliance may result in increased exposure to credential theft and subsequent intrusions.
While Microsoft investigates the full extent of the CVE-2025-24054 exploit, security professionals are urged to remain vigilant. CISA is expected to provide further updates as new threat intelligence emerges.