CVE-2025-29824 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability

Exploit added

April 8, 2025

Action due

April 29, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

References

Weakness Enumeration

CWE-ID	CWE Name
CWE-416	Use After Free

Known Affected Software Configurations

cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3403::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3403::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5608::::::arm64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5039::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5608::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5039::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5608::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5608::::::arm64:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3107::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3403::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5371::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5487::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5371::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3194::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5371::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5487::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.2894::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5487::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6893::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6775::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.2894::::::arm64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.10240.20915::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3107::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3107::::::arm64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.4751::::::arm64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7699::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7785::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.4890::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.4890::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5487::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3194::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5371::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.4751::::::x64:
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2201:::::::*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7606:::::::*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7428:::::::*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1308:::::::*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2966:::::::*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6659:::::::*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2762:::::::*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6414:::::::*
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5247::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5011::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5247::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5011::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19041.3920::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5247::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6414::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19041.3920::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6659::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5247::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7606::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7428::::::x64:
cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.24768::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2803::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.24919::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3287::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.24975::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2928::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3046::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2565::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3165::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.1999::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3406::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2452::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7515::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.25031::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7259::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6897::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7336::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7159::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6796::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6981::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7070::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5356::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5246::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3770::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3532::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6452::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.25073::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5291::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6351::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4886::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4704::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4946::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5066::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4467::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6167::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5125::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5850::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5648::::standard::x64:*

Details

Source:
NVD

Published:
April 8, 2025

Updated:
April 16, 2025

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined