Main Vulnerability Database SB2025031158

SB2025031158 - Information disclosure in Windows NTFS

Published: March 11, 2025

Security Bulletin ID SB2025031158

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2025-24984)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files. An attacker with physical access to the system can read the log files and gain access to sensitive data.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install update from vendor's website.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-24984