
CVE-2025-24991: CWE-125: Out-of-bounds Read in Microsoft Windows 10 Version 1809

Medium
Published: Tue Mar 11 2025 (03/11/2025, 16:59:19 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

AI-Powered Analysis

Last updated: 08/05/2025, 01:03:49 UTC

Technical Analysis

CVE-2025-24991 is a medium-severity vulnerability classified as an out-of-bounds read (CWE-125) affecting Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw exists within the Windows NTFS file system driver, where improper bounds checking allows an authorized local attacker to read memory beyond the intended buffer limits. This out-of-bounds read can lead to the disclosure of sensitive information residing in adjacent memory areas. The vulnerability requires local access with limited privileges (no elevated privileges needed) and some user interaction, such as opening a specially crafted file or triggering a specific NTFS operation. The CVSS v3.1 base score is 5.5, reflecting a medium impact primarily on confidentiality, with no impact on integrity or availability. Exploitation does not require privileges but does require user interaction, and the attack vector is local, limiting remote exploitation. No known exploits are currently in the wild, and no official patches or mitigations have been published at the time of disclosure. The vulnerability could be leveraged by attackers to gain unauthorized access to sensitive information stored in memory, potentially including credentials or other private data, which could facilitate further attacks or privilege escalation if combined with other vulnerabilities.

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily to confidentiality. Organizations running legacy systems or those that have not upgraded from Windows 10 Version 1809 are at risk of local information disclosure. This could affect enterprises with shared workstations, terminal servers, or environments where multiple users have access to the same machine. The information leakage could expose sensitive corporate data or user credentials, increasing the risk of insider threats or lateral movement within networks. While the vulnerability does not allow remote exploitation, the requirement for local access means that attackers would need to have some foothold within the environment, such as through phishing or physical access. Given the widespread use of Windows 10 in European businesses, especially in sectors like finance, manufacturing, and government, the vulnerability could be leveraged in targeted attacks to gather intelligence or prepare for more severe exploits. However, the medium severity and lack of known exploits reduce the immediate threat level.

Mitigation Recommendations

European organizations should prioritize upgrading affected systems from Windows 10 Version 1809 to a more recent, supported version of Windows 10 or Windows 11 where this vulnerability is not present. In the absence of an official patch, organizations should implement strict local access controls to limit user permissions and reduce the risk of unauthorized local code execution or file manipulation. Employing application whitelisting and endpoint detection and response (EDR) solutions can help detect suspicious activities related to NTFS operations. Regularly auditing user accounts and restricting physical access to critical systems will further reduce the attack surface. Additionally, educating users about the risks of opening untrusted files or executing unknown code locally can mitigate exploitation attempts that require user interaction. Monitoring for unusual memory access patterns or anomalous NTFS activity could provide early warning signs of exploitation attempts.


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2025-01-30T15:14:20.992Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f81484d88663aeb374

Added to database: 5/20/2025, 6:59:04 PM

Last enriched: 8/5/2025, 1:03:49 AM

Last updated: 8/11/2025, 2:54:17 PM
