Microsoft – NTLM Hash Disclosure Spoofing (library-ms)

May 2, 2025 invoker category_exploit

Exploit Details

Basic Information

Exploit Title Microsoft – NTLM Hash Disclosure Spoofing (library-ms)
Exploit ID EDB-ID:52280
Type exploitdb
Published 2025-05-01T00:00:00
Modified 2025-05-01T00:00:00

CVSS Information

CVSS Score 6.5
Severity MEDIUM
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CVE Information

  • CVE-2025-24054

Exploit Description

Exploit title: Microsoft – NTLM Hash Disclosure Spoofing (library-ms) Exploit Author: John Page (aka hyp3rlinx) x.com/hyp3rlinx ISR: ApparitionSec Back in…

Exploit Code

# Exploit title: Microsoft – NTLM Hash Disclosure Spoofing (library-ms)

# Exploit Author: John Page (aka hyp3rlinx)

# x.com/hyp3rlinx

# ISR: ApparitionSec

Back in 2018, I reported a “.library-ms” File NTLM information disclosure vulnerability to MSRC and was told “it was not severe enough”, that being said I post it anyways.

Seven years passed, until other researchers re-reported it.

Subsequently this security flaw was finally deemed important by Microsoft and it received CVE-2025-24054, for which I was finally retroactively credited as the original reporter.

Circa 2025 updated:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24054

[References]

https://web.archive.org/web/20190106181024/https://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.LIBRARY-MS-FILETYPE-INFORMATION-DISCLOSURE.txt

https://packetstorm.news/files/id/148556/

https://cxsecurity.com/issue/WLB-2018070160

[Network Access]

Remote

[Original Disclosure Timeline]

Vendor Notification: Jun 29, 2018

MSRC Response: Jul 12, 2018 “risk is not severe enough to justify immediate servicing.”

July 14, 2018 : Public Disclosure

[+] Disclaimer

The information contained within this advisory is supplied “as-is” with no warranties or guarantees of fitness of use or otherwise.

Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and

that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit

is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility

for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information

or exploits by the author or elsewhere. All content copyright (c).

hyp3rlinx

View Full Exploit Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.