Elevation of Privilege Vulnerability in Microsoft Windows Common Log File System Driver
CVE-2025-32706
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 13 May 2025
Badges
What is CVE-2025-32706?
An improper input validation vulnerability in the Windows Common Log File System Driver enables an authorized attacker to execute a local privilege escalation attack. By exploiting this flaw, attackers can gain elevated rights within the Windows operating system, potentially allowing them to execute unwarranted operations and compromise system integrity. This vulnerability highlights the importance of rigorous input validation checks within system components to mitigate unauthorized access risks.
CISA has reported CVE-2025-32706
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-32706 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21014
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8066
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7314
References
EPSS Score
9% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 🦅
CISA Reported
Vulnerability published
Vulnerability Reserved