CVE-2025-24984 is a vulnerability categorized under CWE-532, which involves the insertion of sensitive information into log files within the NTFS file system on Microsoft Windows 10 Version 1507 (build 10.0.10240.0). This vulnerability arises because the operating system logs sensitive data in a manner that is accessible to unauthorized users with physical access to the device. The flaw does not require any privileges or user interaction to exploit, but physical access is mandatory, making remote exploitation infeasible. The vulnerability's CVSS 3.1 base score is 4.6 (medium), reflecting a high impact on confidentiality but no impact on integrity or availability. The vector string (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates that the attack vector is physical, with low attack complexity, no privileges or user interaction needed, and unchanged scope. The vulnerability was reserved in January 2025 and published in March 2025, with no known exploits in the wild and no patches currently available. The issue primarily affects legacy Windows 10 installations, which may still be present in certain industrial, governmental, or embedded environments. The vulnerability could allow attackers to extract sensitive information such as credentials or system details from NTFS log files, potentially facilitating further attacks or data breaches.

The primary impact of CVE-2025-24984 is the unauthorized disclosure of sensitive information stored in NTFS log files on affected Windows 10 Version 1507 systems. This confidentiality breach could expose credentials, system configuration details, or other sensitive data that attackers could leverage for privilege escalation or lateral movement if they gain physical access. Since the vulnerability does not affect system integrity or availability, it does not directly disrupt operations but increases the risk of subsequent attacks. Organizations relying on legacy Windows 10 versions in critical infrastructure, industrial control systems, or environments with lax physical security are at higher risk. The requirement for physical access limits the scope of exploitation but does not eliminate risk in scenarios such as stolen or lost devices, insider threats, or unauthorized physical access to sensitive areas. The lack of available patches means the vulnerability remains exploitable until mitigations or upgrades are applied, potentially increasing exposure time.

1. Restrict physical access to devices running Windows 10 Version 1507, especially in sensitive or high-security environments, to prevent unauthorized individuals from accessing log files. 2. Implement full disk encryption (e.g., BitLocker) to protect data at rest, including log files, mitigating data disclosure if devices are stolen or lost. 3. Regularly audit and monitor NTFS log files for unexpected sensitive data entries and unusual access patterns to detect potential exploitation attempts. 4. Plan and prioritize upgrading affected systems to supported Windows versions where this vulnerability is addressed or mitigated. 5. Employ endpoint security solutions that can detect unauthorized physical access or tampering attempts. 6. Educate staff on the risks of physical device security and enforce strict policies for device handling and storage. 7. If immediate patching is unavailable, consider isolating affected systems from networks and limiting their use to reduce exposure. 8. Maintain an incident response plan that includes procedures for handling physical security breaches and sensitive data exposure.