CVE-2025-21377

6.5

MEDIUM CVSS 3.1

Cisco NTLM Hash Disclosure Spoofing

Description

NTLM Hash Disclosure Spoofing Vulnerability

INFO

Published Date :

Feb. 11, 2025, 6:15 p.m.

Last Modified :

Feb. 14, 2025, 5:40 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]

Affected Products

The following products are affected by CVE-2025-21377 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Microsoft	windows_server_2008
2	Microsoft	windows_server_2012
3	Microsoft	windows_server_2016
4	Microsoft	windows_server_2019
5	Microsoft	windows_10_1607
6	Microsoft	windows_10_1809
7	Microsoft	windows_10_21h2
8	Microsoft	windows_10_22h2
9	Microsoft	windows_server_2022
10	Microsoft	windows_11_22h2
11	Microsoft	windows_10_1507
12	Microsoft	windows
13	Microsoft	windows_11_23h2
14	Microsoft	windows_server_2022_23h2
15	Microsoft	windows_server_23h2
16	Microsoft	windows_server_2012_r2
17	Microsoft	windows_server_2008_r2
18	Microsoft	windows_server_2008_sp2
19	Microsoft	windows_11_24h2
20	Microsoft	windows_server_2025

: Total Affected Vendor : 1 | Products : 20

CVSS Scores

The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.

Score	Version	Severity	Vector	Exploitability Score	Impact Score	Source
	CVSS 3.1	MEDIUM				[email protected]

Solution

A vulnerability in Microsoft Windows allows for NTLM hash disclosure.

Apply the latest security updates.
Reboot the system if prompted.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-21377.

URL	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21377	Patch Vendor Advisory

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-21377 is associated with the following CWEs:

CWE-73: External Control of File Name or Path

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-21377 weaknesses.

CAPEC-13: Subverting Environment Variable Values Subverting Environment Variable Values CAPEC-64: Using Slashes and URL Encoding Combined to Bypass Validation Logic Using Slashes and URL Encoding Combined to Bypass Validation Logic CAPEC-72: URL Encoding URL Encoding CAPEC-76: Manipulating Web Input to File System Calls Manipulating Web Input to File System Calls CAPEC-78: Using Escaped Slashes in Alternate Encoding Using Escaped Slashes in Alternate Encoding CAPEC-79: Using Slashes in Alternate Encoding Using Slashes in Alternate Encoding CAPEC-80: Using UTF-8 Encoding to Bypass Validation Logic Using UTF-8 Encoding to Bypass Validation Logic CAPEC-267: Leverage Alternate Encoding Leverage Alternate Encoding

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-21377 vulnerability anywhere in the article.

Dark Reading

Multiple Groups Exploit NTLM Flaw in Microsoft Windows

Source: Bits And Splits via ShutterstockMultiple attackers are actively exploiting a recently patched Windows vulnerability that exposes authentication credentials, despite Microsoft releasing a fix f ...

Published Date: Apr 16, 2025 (4 months, 1 week ago)

TheCyberThrone

Google Chrome was affected by CVE-2025-2783

CVE-2025-2783 is a zero-day vulnerability affecting Google Chrome, uncovered in a targeted cyber-espionage campaign known as Operation ForumTroll. This critical flaw has allowed attackers to bypass Ch ...

Published Date: Mar 27, 2025 (4 months, 4 weeks ago)

TheCyberThrone

CVE-2025-21377 NTLM Flaw Detailed out

CVE-2025-21377 is a security vulnerability in Microsoft Windows that stems from weaknesses in the implementation of the NTLM (NT LAN Manager) authentication protocol. This vulnerability exposes critic ...

Published Date: Mar 26, 2025 (4 months, 4 weeks ago)

tripwire.com

Tripwire Patch Priority Index for February 2025

Tripwire's February 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.Up first on the list are patches for Microsoft Edge (Chromium-based) that resolve 4 remote c ...

Published Date: Mar 05, 2025 (5 months, 2 weeks ago)

CrowdStrike.com

February 2025 Patch Tuesday: Four Zero-Days and Three Critical Vulnerabilities Among 67 CVEs

Microsoft has released security updates for 67 vulnerabilities in its February 2025 Patch Tuesday rollout. Among these are three Critical vulnerabilities and four zero-days affecting the Windows NTLMv ...

Published Date: Feb 27, 2025 (5 months, 4 weeks ago)

CrowdStrike.com

February 2025 Patch Tuesday: Four Zero-Days and Three Critical Vulnerabilities Among 67 CVEs

Published Date: Feb 27, 2025 (5 months, 4 weeks ago)

CrowdStrike.com

February 2025 Patch Tuesday: Four Zero-Days and Three Critical Vulnerabilities Among 67 CVEs

Published Date: Feb 27, 2025 (5 months, 4 weeks ago)

CrowdStrike.com

February 2025 Patch Tuesday: Four Zero-Days and Three Critical Vulnerabilities Among 67 CVEs

Published Date: Feb 27, 2025 (5 months, 4 weeks ago)

CrowdStrike.com