Elevation of Privilege Vulnerability in Microsoft Windows Common Log File System Driver
CVE-2025-32706

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 13 May 2025

Badges

💰 Ransomware👾 Exploit Exists🟣 EPSS 12%🦅 CISA Reported📰 News Worthy

What is CVE-2025-32706?

An improper input validation vulnerability in the Windows Common Log File System Driver enables an authorized attacker to execute a local privilege escalation attack. By exploiting this flaw, attackers can gain elevated rights within the Windows operating system, potentially allowing them to execute unwarranted operations and compromise system integrity. This vulnerability highlights the importance of rigorous input validation checks within system components to mitigate unauthorized access risks.

CISA has reported CVE-2025-32706

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-32706 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21014

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8066

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7314

News Articles

GBHackers News

CVE-2025-32706 CVE-2025-32701

Windows CLFS Zero-Day Vulnerability Actively Exploited in the Wild

Microsoft has disclosed two critical security vulnerabilities in the Windows CLFS Driver that are currently being exploited in the wild.

CyberSecurityNews

CVE-2025-32706 CVE-2025-32701

Windows Common Log File System 0-Day Vulnerability Actively Exploited in the Wild

Microsoft has confirmed that threat actors are actively exploiting two critical vulnerabilities in the Windows Common Log File System (CLFS) driver to gain SYSTEM-level privileges on compromised systems.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

💰
Used in Ransomware
May 13, 2025
👾
Exploit known to exist
May 13, 2025
🦅
CISA Reported
May 13, 2025
📰
First article discovered by CyberSecurityNews
May 13, 2025
Vulnerability published
May 13, 2025
Vulnerability Reserved
Apr 9, 2025