### [CVE-2025-24071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24071) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2024H2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202025%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202025&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=10.0.10240.0%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.14393.0%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.17763.0%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.19044.0%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.19045.0%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.20348.0%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.22621.0%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.22631.0%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.25398.0%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.26100.0%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.3.9600.0%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brightgreen) ### Description Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. ### POC #### Reference - https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-detection-scrip - https://www.vicarius.io/vsociety/posts/cve-2025-24071-spoofing-vulnerability-in-microsoft-windows-file-explorer-mitigation-script #### Github - https://github.com/0x6rss/CVE-2025-24071_PoC - https://github.com/0xMarcio/cve - https://github.com/0xVoodoo/PoCs - https://github.com/0xsyr0/OSCP - https://github.com/AC8999/CVE-2025-24071 - https://github.com/AMatheusFeitosaM/OSCP-Cheat - https://github.com/ARPSyndicate/cve-scores - https://github.com/Andromeda254/cve - https://github.com/B1ack4sh/Blackash-CVE-2025-24071 - https://github.com/Cesar-http/Windows-Explorer-CVE-2025-24071 - https://github.com/DeshanFer94/CVE-2025-24071-POC-NTLMHashDisclosure- - https://github.com/FOLKS-iwd/CVE-2025-24071-msfvenom - https://github.com/GhostTroops/TOP - https://github.com/J1ezds/Vulnerability-Wiki-page - https://github.com/LOOKY243/CVE-2025-24071-PoC - https://github.com/Marcejr117/CVE-2025-24071_PoC - https://github.com/PuddinCat/GithubRepoSpider - https://github.com/Royall-Researchers/CVE-2025-24071 - https://github.com/Shadrack2023/Shadrack2023 - https://github.com/TH-SecForge/CVE-2025-24071 - https://github.com/ThemeHackers/CVE-2025-24071 - https://github.com/Threekiii/Awesome-POC - https://github.com/Uriel-SG/HTB-Fluffy - https://github.com/VishuGahlyan/OSCP - https://github.com/afkfr0mkeyb0ard/CustomKaliSetup - https://github.com/aleongx/CVE-2025-24071 - https://github.com/basekilll/CVE-2025-24054_PoC - https://github.com/cesarbtakeda/Windows-Explorer-CVE-2025-24071 - https://github.com/ctabango/CVE-2025-24071_PoCExtra - https://github.com/ex-cal1bur/SMB_CVE-2025-24071 - https://github.com/f4dee-backup/CVE-2025-24071 - https://github.com/fcoomans/HTB-machines - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/grisuno/LazyOwn - https://github.com/helidem/CVE-2025-24054_CVE-2025-24071-PoC - https://github.com/jitmondal1/OSCP - https://github.com/meloppeitreet/Personal-YARA-Collection-by-meloppeitreet - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/plzheheplztrying/cve_monitor - https://github.com/pswalia2u/CVE-2025-24071_POC - https://github.com/rubbxalc/CVE-2025-24071 - https://github.com/shacojx/CVE-2025-24071-Exploit - https://github.com/tanjiti/sec_profile - https://github.com/xigney/CVE-2025-24054_PoC - https://github.com/yum1ra/CVE-2025-24054_CVE-2025-24071-PoC