Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Description: Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
The **CVSS Base Score** is a score from **0 to 10** that represents the intrinsic severity of a vulnerability. A higher score indicates greater severity.
Database CWE: v4.18
CWE-122: Heap-based Buffer Overflow ↗
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-190: Integer Overflow or Wraparound ↗
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Fonte: MITRE CWE
The **EPSS (Exploit Prediction Scoring System)** is a score from **0 to 1** that indicates the **probability** that a vulnerability will be exploited in the real world in the next 30 days. A higher value indicates a greater likelihood of exploitation.
The **Percentile** indicates how much higher this vulnerability's EPSS score is compared to all other vulnerabilities in the EPSS database. For example, a percentile of 0.90 (90%) means that 90% of vulnerabilities have an EPSS score equal to or lower than the current one.
*Data updated as of: 2025-12-13
The **CISA KEV Catalog** lists vulnerabilities that have been **actively exploited in the real world**. If a CVE is present in this catalog, it indicates that the threat is immediate and mitigation should be a top priority.
CVE **CVE-2025-24985** **IS PRESENT** in the CISA KEV Catalog!
HTTP error from GitHub (Code: 403)