CVE-2025-54916
ntfs.sys — stack-based buffer overflow allows remote code execution
Summary
| Field | Value |
|---|---|
| Driver | ntfs.sys |
| Vulnerability Class | Buffer Overflow (Stack) |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | September 9, 2025 |
Root Cause
The NTFS driver skips structure size validation when parsing metadata from a crafted NTFS volume. The resulting stack-based buffer overflow during metadata processing gives code execution in kernel context.
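The advisory does not identify which NTFS structure is affected. As an added illustration (not the ntfs.sys code, and not taken from the patch), this is the kind of size validation the root cause refers to, applied to a resident attribute header in an MFT record before its value is copied into a fixed stack buffer. `VALUE_BUF`, `copy_resident_value` and `parse_sample` are names assumed for this example, and the sample record is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define VALUE_BUF 64 /* fixed stack buffer size, chosen for this example */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Copy a resident attribute's value out of an MFT record buffer.
 * Returns the value length, or -1 when an on-disk size field is inconsistent. */
int copy_resident_value(const uint8_t *rec, size_t rec_len, size_t off,
                        uint8_t *out, size_t out_len)
{
    if (off > rec_len || rec_len - off < 0x18) return -1;      /* header must fit */
    const uint8_t *a = rec + off;
    uint32_t attr_len = rd32(a + 0x04);  /* total attribute length */
    uint32_t val_len  = rd32(a + 0x10);  /* resident value length */
    uint16_t val_off  = rd16(a + 0x14);  /* value offset from attribute start */
    if (a[0x08] != 0) return -1;                                /* non-resident form */
    if (attr_len < 0x18 || attr_len > rec_len - off) return -1; /* stays in record */
    if (val_off < 0x18 || val_off > attr_len) return -1;        /* value after header */
    if (val_len > attr_len - val_off) return -1;                /* value inside attribute */
    if (val_len > out_len) return -1;                           /* fits destination */
    memcpy(out, a + val_off, val_len);
    return (int)val_len;
}

/* Constructed sample record: one resident attribute with chosen size fields. */
int parse_sample(uint32_t attr_len, uint32_t val_len)
{
    uint8_t rec[256] = {0}, value[VALUE_BUF]; /* value[] lives on the stack */
    wr32(rec + 0x00, 0x80);     /* attribute type code, arbitrary for this example */
    wr32(rec + 0x04, attr_len);
    wr32(rec + 0x10, val_len);
    rec[0x14] = 0x18;           /* value offset: directly after the header */
    return copy_resident_value(rec, sizeof rec, 0, value, sizeof value);
}

int main(void)
{
    /* A well-formed attribute is accepted; one larger than the buffer is not. */
    return (parse_sample(0x58, 0x40) == 64 && parse_sample(0x100, 0x80) == -1) ? 0 : 1;
}
```

The last check is the one that matters for this bug class: a value can be fully consistent with the record on disk and still be larger than the destination on the stack.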
Exploitation
The attacker provides a crafted NTFS volume (VHD or physical media). When the volume is mounted, the stack overflow overwrites return addresses or other stack data, leading to kernel code execution.
Exploitation Primitive
Crafted NTFS volume → metadata parsing → stack buffer overflow
→ kernel code execution