Impact
This vulnerability exposes the Windows NTLM protocol to external manipulation of file name or path parameters, allowing an attacker to masquerade as another local account or service. The flaw is a form of improper input validation, classified as CWE‑73. A successful exploitation could enable an attacker to impersonate system users or services, potentially gaining unauthorized access to resources or executing commands with the impersonated account’s privileges, but the description does not confirm full remote code execution.
Affected Systems
Microsoft Windows 10 operating systems from version 1607 through 22H2, Windows 11 operating systems including 22H3 and from 23H2 onwards, and Microsoft Windows Server editions including 2012 R2, 2016, 2019, 2022 and 2025. All 32‑bit and 64‑bit builds for these release lines are affected.
Risk and Exploitability
The CVSS score of 3.3 indicates a low risk. The EPSS score of 11% shows a moderate likelihood of exploitation currently observed. The vulnerability has not been listed in the CISA KEV catalog, suggesting no known or widely exploited attacks. The likely attack vector is local or within a network where NTLM authentication is used; no remote exploitation pathway is described.
OpenCVE Enrichment