CVE Vulnerabilities

CVE-2025-2489

Insecure Storage of Sensitive Information

Published: Mar 18, 2025 | Modified: Mar 18, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json.

Weakness

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References