The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday included a medium-level security defect affecting Microsoft Windows in its Known Exploited Vulnerabilities (KEV) registry, after receiving notifications of ongoing exploitation in the environment.
The weakness, designated with the CVE identifier CVE-2025-24054 (CVSS rating: 6.5), is related to a Windows New Technology LAN Manager (NTLM) hash leak.