Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2025-24985 PoC — Windows Fast FAT File System Driver Remote Code Execution Vulnerability

Source
https://github.com/airbus-cert/cve-2025-24985
Associated Vulnerability
Title:Windows Fast FAT File System Driver Remote Code Execution Vulnerability (CVE-2025-24985)
Description:Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
Description
Detection of malicious VHD files for CVE-2025-24985
Readme
# cve-2025-24985

Compute the number of cluster of a VHD file to detect overflow.

Supportted boot sectors:
- [x] MBR
- [x] GPT

## Usage

```sh
python -m cve_2025_24985 -f <path/to/file.vhd>
```

## Setup
### Nix

```sh
# With direnv:
direnv allow

# Or Without direnv:
nix develop
```

### Peotry

WIP

### Docker

WIP

## TODO:

- [x] Auto build libvhdi with poetry
- [ ] Setup poetry install
- [ ] Fix dockerfile with pyvhdi dependency
File Snapshot

 [4.0K]  /data/pocs/10e82a7ea13057c90e5ef465ef00c197ec365b82
├── [4.0K]  cve_2025_24985
│   ├── [2.2K]  bpb.py
│   ├── [1.3K]  cli.py
│   ├── [3.0K]  dosmbr.py
│   ├── [   0]  __init__.py
│   ├── [  63]  __main__.py
│   └── [1.7K]  uint32.py
├── [ 572]  Dockerfile
├── [4.5K]  flake.lock
├── [2.6K]  flake.nix
├── [ 539]  Makefile
├── [9.7K]  poetry.lock
├── [ 436]  pyproject.toml
└── [ 440]  README.md

1 directory, 13 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →