CVE-2025-50154

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions (affected versions not specified)

Description This issue involves a security flaw in Windows File Explorer that allows an attacker to extract NTLM hashes without user interaction, even on systems with the latest security patches applied. The vulnerability stems from insufficient protection of service data when processing NTLM hashes. An attacker can exploit this by creating a specially crafted LNK file, triggering NTLM authentication requests automatically. This enables potential offline cracking or relay attacks to gain unauthorized access. The vulnerability allows for spoofing over a network and impacts the system's security. The issue is a patch bypass, meaning existing mitigations are circumvented.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.