CVE-2025-24985 PoC — Microsoft Windows Fast Fat Driver 安全漏洞

Source

https://github.com/airbus-cert/cve-2025-24985

Associated Vulnerability

Title:Microsoft Windows Fast Fat Driver 安全漏洞 (CVE-2025-24985)
Description:Microsoft Windows Fast Fat Driver是美国微软（Microsoft）公司的一个完整的文件系统，它解决了各种问题，例如在磁盘上存储数据、与缓存管理器交互以及处理各种 I/O 操作，例如文件创建、对文件执行读/写、设置文件信息以及对文件系统执行控制操作。 Microsoft Windows Fast Fat Driver存在安全漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响：Windows 10 Version 1809 for 32-bit Systems,Wi

Description

Detection of malicious VHD files for CVE-2025-24985

Readme

# cve-2025-24985

Compute the number of cluster of a VHD file to detect overflow.

Supportted boot sectors:
- [x] MBR
- [x] GPT

## Usage

```sh
python -m cve_2025_24985 -f <path/to/file.vhd>
```

## Setup
### Nix

```sh
# With direnv:
direnv allow

# Or Without direnv:
nix develop
```

### Peotry

WIP

### Docker

WIP

## TODO:

- [x] Auto build libvhdi with poetry
- [ ] Setup poetry install
- [ ] Fix dockerfile with pyvhdi dependency

File Snapshot


 [4.0K]  /data/pocs/10e82a7ea13057c90e5ef465ef00c197ec365b82
├── [4.0K]  cve_2025_24985
│   ├── [2.2K]  bpb.py
│   ├── [1.3K]  cli.py
│   ├── [3.0K]  dosmbr.py
│   ├── [   0]  __init__.py
│   ├── [  63]  __main__.py
│   └── [1.7K]  uint32.py
├── [ 572]  Dockerfile
├── [4.5K]  flake.lock
├── [2.6K]  flake.nix
├── [ 539]  Makefile
├── [9.7K]  poetry.lock
├── [ 436]  pyproject.toml
└── [ 440]  README.md

1 directory, 13 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!