CVE-2025-32701 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability

Exploit added

May 13, 2025

Action due

June 3, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32701

Weakness Enumeration

CWE-ID	CWE Name
CWE-416	Use After Free

Known Affected Software Configurations

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5965::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5737::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7969::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.14393.5989::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.8148::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5854::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20978::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3476::::::arm64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5189::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5737::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3775::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5011::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5965::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7876::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20978::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21014::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5335::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5854::::::arm64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5335::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6414::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5854::::::arm64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.8148::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5191::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7970::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5189::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5965::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5189::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5854::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7876::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5965::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7137::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7136::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3476::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3775::::::arm64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21034::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21034::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20947::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5472::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5737::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5854::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5737::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7136::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5737::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5472::::::arm64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5335::::::arm64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22631.5191::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7009::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5854::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.8066::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5472::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7969::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7970::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.8066::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5965::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7009::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5191::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20947::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7428::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7434::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5335::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5189::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5011::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20796::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7434::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3775::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7314::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7314::::::x86:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5472::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21014::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5737::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5191::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5965::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.4046::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.4046::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.4046::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.4046::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5458::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5458::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.4046::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5576::::::x86:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.2314::::::x64:
cpe:2.3:o:microsoft:windows_server_2025:-::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1085::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1251::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.763::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1251::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1128::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.763::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1009::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.950::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1189::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1189::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1009::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.887::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.887::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.830::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.830::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.950::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1128::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1085::::azure::x64:*

Details

Source:
NVD

Published:
May 13, 2025

Updated:
May 16, 2025

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined