CVE-2025-24985

HIGH KEV

Windows Fast FAT Driver - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-24985 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 11, 2025. EIP tracks 1 public exploit from researchers including airbus-cert.

AI-analyzed exploit summary This repository contains a scanner tool for detecting potential integer overflow vulnerabilities in VHD files (CVE-2025-24985). It analyzes the BIOS Parameter Block (BPB) and partition tables (MBR/GPT) to compute the number of clusters and check for overflow conditions.

Description

Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

Exploits (1)

nomisec SCANNER 2 stars
by airbus-cert · poc
https://github.com/airbus-cert/cve-2025-24985

This repository contains a scanner tool for detecting potential integer overflow vulnerabilities in VHD files (CVE-2025-24985). It analyzes the BIOS Parameter Block (BPB) and partition tables (MBR/GPT) to compute the number of clusters and check for overflow conditions.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: VHD file parsing libraries (e.g., libvhdi)
No auth needed
Prerequisites: Access to a VHD file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 7.8
EPSS 0.0206
EPSS Percentile 84.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2025-03-11
VulnCheck KEV 2025-03-11
ENISA EUVD EUVD-2025-6321
CWE
CWE-190 CWE-122
Status published
Products (17)
microsoft/windows_10_1507 < 10.0.10240.20947 (2 CPE variants)
microsoft/windows_10_1607 < 10.0.14393.7876 (2 CPE variants)
microsoft/windows_10_1809 < 10.0.17763.7009 (2 CPE variants)
microsoft/windows_10_21h2 < 10.0.19044.5608
microsoft/windows_10_22h2 < 10.0.19045.5608
microsoft/windows_11_22h2 < 10.0.22621.5039
microsoft/windows_11_23h2 < 10.0.22631.5039
microsoft/windows_11_24h2 < 10.0.26100.3403
microsoft/windows_server_2008 (2 CPE variants)
microsoft/windows_server_2008 r2 sp1
... and 7 more
Published Mar 11, 2025
KEV Added Mar 11, 2025
Tracked Since Feb 18, 2026