CVE-2025-32701 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability

Exploit added

May 13, 2025

Action due

June 3, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32701

Weakness Enumeration

CWE-ID	CWE Name
CWE-416	Use After Free

Known Affected Software Configurations

cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4270::::::arm64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5624::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.6093::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3981::::::x86:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5624::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7558::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5624::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22621.5335::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.6093::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.6093::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.6093::::::arm64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22621.5335::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.8246::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4270::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.6093::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7558::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.6093::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21073::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3981::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21073::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5624::::::arm64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.8246::::::x64:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.2605::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1551::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1551::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3328::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3328::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3270::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3328::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1665::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1665::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1665::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3807::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4349::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1551::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3807::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3270::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3270::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7434::::::x64:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3476::::::x64:
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3807::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8148::::::x64:
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7969::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7428::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5191::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5854::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7434::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5191::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7314::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7137::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7009::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22631.5191::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7136::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7136::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4349::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3775::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5854::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5737::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.14393.5989::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5737::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21034::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7434::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5854::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7314::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5189::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7009::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5965::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21034::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21014::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5965::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20947::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5335::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5965::::::arm64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20978::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5737::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21014::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5472::::::arm64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20947::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20978::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5854::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5472::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5965::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5854::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5854::::::arm64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20796::::::x86:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5189::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5737::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5737::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5737::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4349::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3775::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3775::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3476::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7876::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6414::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5189::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5189::::::arm64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5472::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5191::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3476::::::arm64:

Details

Source:
NVD

Published:
May 13, 2025

Updated:
May 16, 2025

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined