CVE-2025-21377 is a vulnerability classified under CWE-73, indicating external control of file name or path, found in Microsoft Windows 10 Version 1507 (build 10.0.10240.0). This vulnerability allows an attacker to perform NTLM hash disclosure via spoofing techniques. The attack vector is network-based (AV:N), requiring no privileges (PR:N) but does require user interaction (UI:R), such as opening a malicious file or link. The vulnerability does not affect system integrity or availability but compromises confidentiality by exposing NTLM hashes, which can be used in relay or pass-the-hash attacks to escalate privileges or move laterally within a network. The CVSS 3.1 base score is 6.5 (medium severity), reflecting the moderate impact and exploitation complexity. No patches have been officially released, and no exploits are known in the wild, but the vulnerability remains a concern for legacy Windows 10 systems. The root cause relates to improper handling of file paths or names that can be externally influenced, leading to NTLM credential leakage. This vulnerability highlights the risks of outdated operating systems and the importance of proper authentication protocol management.

For European organizations, the primary impact is the potential exposure of NTLM hashes, which can be leveraged by attackers to impersonate users and gain unauthorized access to network resources. This can lead to lateral movement within corporate networks, data breaches, and potential compromise of sensitive information. Organizations relying on legacy Windows 10 Version 1507 systems, especially in sectors like finance, healthcare, and critical infrastructure, face increased risk. The confidentiality breach could undermine compliance with GDPR and other data protection regulations. Although the vulnerability does not directly affect system integrity or availability, the indirect consequences of credential theft can be severe, including ransomware deployment or espionage. The requirement for user interaction means phishing or social engineering campaigns could be used to exploit this vulnerability, increasing the threat surface. The absence of known exploits in the wild provides a window for proactive mitigation.

1. Upgrade all affected systems from Windows 10 Version 1507 to a supported and patched Windows version to eliminate the vulnerability. 2. Disable or restrict NTLM authentication where possible, favoring more secure protocols like Kerberos. 3. Implement network segmentation and strict access controls to limit lateral movement if credentials are compromised. 4. Employ endpoint protection solutions capable of detecting suspicious file path manipulations and NTLM relay attempts. 5. Conduct user awareness training to reduce the risk of social engineering and phishing attacks that could trigger the required user interaction. 6. Monitor network traffic and authentication logs for unusual NTLM authentication patterns or failed attempts indicative of exploitation attempts. 7. Apply application whitelisting and restrict execution of untrusted files to minimize exposure to malicious payloads exploiting this vulnerability. 8. Use multi-factor authentication (MFA) to reduce the impact of credential theft. 9. Stay informed about official patches or updates from Microsoft and apply them promptly once available.