CVE-2025-24992

ntfs.sys — buffer over-read leaks kernel memory

Summary

| Field | Value |
| --- | --- |
| Driver | ntfs.sys |
| Vulnerability Class | Information Disclosure (Buffer Over-Read) |
| CVSS | 5.5 |
| Exploited ITW | No |
| Patch Date | March 11, 2025 |

Root Cause

The NTFS driver skips buffer boundary checks when reading metadata from a crafted NTFS volume. A buffer over-read leaks kernel heap contents to user mode. Patched in the same cycle as the NTFS zero-days CVE-2025-24984 and CVE-2025-24991.

Exploitation

The attacker provides a crafted NTFS volume (VHD or physical media). The driver reads past buffer boundaries during metadata parsing, leaking kernel memory to user mode.

Exploitation Primitive

Crafted NTFS volume → metadata parsing → buffer over-read
  → kernel memory leak
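The kind of boundary validation that Root Cause describes as skipped, as an added user-mode C example (not code from ntfs.sys or from this page). The page does not say which metadata structure is affected; the resident attribute header parsed here, and the names `copy_resident_value` and `demo`, are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HDR 24u  /* size of a resident attribute header */

static uint32_t rd32(const uint8_t *p) {            /* little-endian read */
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) {          /* little-endian write */
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Copy a resident attribute's value out of a record read from disk.
 * Every length and offset in the record is untrusted input.
 * Returns the number of bytes copied, or -1 if the attribute is malformed. */
long copy_resident_value(const uint8_t *rec, size_t rec_len, size_t off,
                         uint8_t *out, size_t out_cap)
{
    if (off > rec_len || rec_len - off < HDR) return -1;  /* header must fit */
    const uint8_t *a = rec + off;
    uint32_t attr_len = rd32(a + 4);                /* whole attribute */
    uint32_t val_len  = rd32(a + 16);               /* inline value length */
    uint32_t val_off  = a[20] | (a[21] << 8);       /* value offset in attribute */

    if (a[8] != 0) return -1;                       /* non-resident: no inline value */
    if (attr_len < HDR || attr_len > rec_len - off) return -1;
    if (val_off < HDR || val_off > attr_len) return -1;
    /* Subtraction form cannot wrap; without it memcpy reads past the buffer. */
    if (val_len > attr_len - val_off) return -1;
    if (val_len > out_cap) return -1;
    memcpy(out, a + val_off, val_len);
    return (long)val_len;
}

/* Constructed sample: a 64-byte record holding one attribute at offset 16. */
long demo(uint32_t attr_len, uint32_t val_len, uint16_t val_off)
{
    uint8_t rec[64] = {0}, out[32];
    uint8_t *a = rec + 16;
    wr32(a, 0x80);                                  /* attribute type ($DATA) */
    wr32(a + 4, attr_len);
    wr32(a + 16, val_len);
    a[20] = (uint8_t)val_off; a[21] = (uint8_t)(val_off >> 8);
    memset(a + HDR, 0x41, 8);                       /* 8 bytes of value data */
    return copy_resident_value(rec, sizeof rec, 16, out, sizeof out);
}
```

Each length is compared against the space actually remaining rather than added to an offset first, so a declared length near `0xFFFFFFFF` is rejected instead of wrapping.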
