← back
CVE-2025-32701

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS 7.8 HIGHEPSS 1.3%● KEVCWE-416
Vexday Risk Score
51Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8EPSS 1.3%KEV simPoC Nuclei Metasploit Patch referenciado
Lifecycle
13 May 2025Active exploitation (CISA KEV)
13 May 2025Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Windows' logging system lets someone who already has access to your computer gain higher privileges and control more of the system. This is serious because it allows attackers to take full control of your machine.

Technical detail

Use-after-free vulnerability in the Windows Common Log File System Driver (CLFS) allows an authenticated local attacker to execute arbitrary code with elevated privileges. The vulnerability requires prior local access but results in privilege escalation, enabling full system compromise.

Summary generated and translated by AI from the official description.
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →