CVE-2025-2489

Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json.

CVSS

No CVSS.

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-storage-sensitive-information-ntfs-tool

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de almacenamiento de información inseguro en NTFS Tools versión 3.5.1. La explotación de esta vulnerabilidad podría permitir que un atacante conozca la contraseña de la aplicación, almacenada en /Users/user/Library/Application Support/ntfs-tool/config.json.

18 Mar 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-18 12:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-2489

Mitre link : CVE-2025-2489

CVE.ORG link : CVE-2025-2489

JSON object : View

Products Affected

No product.

CWE

CWE-922

Insecure Storage of Sensitive Information

{"id": "CVE-2025-2489", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-18T12:15:15.770", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/insecure-storage-sensitive-information-ntfs-tool", "source": "cve-coordination@incibe.es"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json."}, {"lang": "es", "value": "Vulnerabilidad de almacenamiento de informaci\u00f3n inseguro en NTFS Tools versi\u00f3n 3.5.1. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir que un atacante conozca la contrase\u00f1a de la aplicaci\u00f3n, almacenada en /Users/user/Library/Application Support/ntfs-tool/config.json."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cve-coordination@incibe.es"}