CVE-2025-59214

MEDIUM

Windows File Explorer - Unauthorized Sensitive Information Exposure via Spoofing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-59214. PoCs published by rubenformation.

AI-analyzed exploit summary This repository contains a functional PowerShell script that generates a malicious .LNK file to trigger NTLMv2-SSP hash disclosure in Windows File Explorer. The exploit bypasses a patch by using a remote SMB-hosted binary file to force Explorer to fetch PE icons, leaking authentication hashes.

Description

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

Exploits (1)

github WORKING POC 52 stars

by rubenformation · powershellpoc

https://github.com/rubenformation/CVE-2025-50154

View Code ZIP pw:eip

This repository contains a functional PowerShell script that generates a malicious .LNK file to trigger NTLMv2-SSP hash disclosure in Windows File Explorer. The exploit bypasses a patch by using a remote SMB-hosted binary file to force Explorer to fetch PE icons, leaking authentication hashes.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Windows File Explorer (explorer.exe)

No auth needed

Prerequisites: Access to a remote SMB server hosting a binary file · Ability to deliver the .LNK file to the victim's system

MITRE ATT&CK

T1187 - Forced Authentication T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources

https://cymulate.com/blog/ntlm-leak-cve-2025-59214/

Various Sources

https://github.com/rubenformation/CVE-2025-50154/

View Exploit ZIP pw:eip

Various Sources

https://www.vicarius.io/vsociety/posts/cve-2025-59214-detection-script-windows-file-explorer-spoofing-vulnerability

Various Sources

https://www.vicarius.io/vsociety/posts/cve-2025-59214-mitigation-script-windows-file-explorer-spoofing-vulnerability

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59214

Scores

CVSS v3 6.5

EPSS 0.0182

EPSS Percentile 75.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (44)

Microsoft/Windows 10 Version 1507 10.0.10240.0 - 10.0.10240.21161

Microsoft/Windows 10 Version 1607 10.0.14393.0 - 10.0.14393.8519

Microsoft/Windows 10 Version 1809 10.0.17763.0 - 10.0.17763.7919

Microsoft/Windows 10 Version 21H2 10.0.19044.0 - 10.0.19044.6456

Microsoft/Windows 10 Version 22H2 10.0.19045.0 - 10.0.19045.6456

Microsoft/Windows 11 version 22H2 10.0.22621.0 - 10.0.22621.6060

Microsoft/Windows 11 version 22H3 10.0.22631.0 - 10.0.22631.6060

Microsoft/Windows 11 Version 23H2 10.0.22631.0 - 10.0.22631.6060

Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.6899

Microsoft/Windows 11 Version 25H2 10.0.26200.0 - 10.0.26200.6899

... and 34 more

Published Oct 14, 2025

Tracked Since Feb 18, 2026