CVE-2025-24991 is a security vulnerability identified as an out-of-bounds read (CWE-125) in the NTFS file system driver of Microsoft Windows 10 Version 1507 (build 10.0.10240.0). The flaw arises when the NTFS component improperly handles certain file system operations, allowing an attacker with authorized local access to read memory beyond the allocated buffer boundaries. This can lead to disclosure of sensitive information residing in adjacent memory areas. The vulnerability requires the attacker to have local access and to perform some form of user interaction, but does not require elevated privileges, making it accessible to standard users on the system. The vulnerability does not impact system integrity or availability but compromises confidentiality. The CVSS v3.1 base score is 5.5, reflecting medium severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R). The scope is unchanged (S:U), and the impact is high on confidentiality (C:H), none on integrity (I:N) and availability (A:N). No public exploits or patches are currently known or available. This vulnerability was reserved in January 2025 and published in March 2025. It affects only the initial release version of Windows 10, which is largely superseded by newer versions but may still be in use in some legacy or embedded environments.

The primary impact of CVE-2025-24991 is unauthorized disclosure of sensitive information due to out-of-bounds memory reads in the NTFS driver. This can lead to leakage of data that may include system information, user data, or other sensitive content residing in memory. Since the vulnerability requires local access and user interaction, remote exploitation is not feasible, limiting the attack surface. However, in environments where multiple users share systems or where attackers have gained limited local access, this vulnerability could be leveraged to escalate information gathering capabilities. The lack of impact on integrity and availability means the system’s operation and data modification are not directly threatened. Organizations running Windows 10 Version 1507, especially in legacy or specialized systems, face confidentiality risks. The medium severity score reflects this moderate risk. The absence of known exploits reduces immediate threat but does not eliminate future risk once exploit code becomes available. The vulnerability could be used as part of a multi-stage attack to gather intelligence for further exploitation.

Given the absence of an official patch, organizations should implement several practical mitigations: 1) Upgrade affected systems from Windows 10 Version 1507 to a supported and updated Windows version to eliminate exposure. 2) Restrict local user access to trusted personnel only, minimizing the risk of unauthorized local exploitation. 3) Employ application whitelisting and endpoint protection to detect and block suspicious activities that might attempt to trigger the vulnerability. 4) Monitor system logs and user activities for unusual behavior indicative of exploitation attempts. 5) Disable or limit NTFS file system access for untrusted users or sandbox potentially risky user actions. 6) Prepare to deploy patches promptly once Microsoft releases an official fix. 7) Conduct regular security awareness training to reduce risky user interactions that could facilitate exploitation. These steps go beyond generic advice by focusing on access control, monitoring, and proactive system upgrades specific to this vulnerability’s characteristics.