CVE-2025-2489

Summary

Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the application password, stored in /Users/user/Library/Application Support/ntfs-tool/config.json.

Affected Software

VendorProductVersion RangeStatus
NTFS ToolNtfs tool3.5.1affected

Weaknesses

  • CWE-922: CWE-922

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References