CVE-2025-32706 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

Exploit added

May 13, 2025

Action due

June 3, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32706

Weakness Enumeration

CWE-ID	CWE Name
CWE-20	Improper Input Validation

Known Affected Software Configurations

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3932::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2522::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.4052::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3932::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1903::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3989::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3989::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1903::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2031::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1732::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4061::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4851::::::x64:
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3932::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.770::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1791::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1791::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7678::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2333::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2458::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8330::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.2894::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7699::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1732::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4946::::::x64:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.4652::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1732::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3775::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2458::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1791::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8066::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.4052::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.770::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3989::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2333::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2522::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.4052::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2113::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7314::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.3692::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.8246::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7558::::-::x64:*
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3194::::-::x64:*
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7678::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7678::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.6216::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.6216::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.6216::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.6216::::::arm64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5768::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5768::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4946::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4946::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.6216::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5768::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4851::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.6216::::::x86:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5768::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4851::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.763:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.830:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1611:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1551:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1486:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1425:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1665:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.950:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.887:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1369:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1128:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1189:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1085:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1308:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1251:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1009:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.584:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.643:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.531:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.709:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1732:::::-:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1668:::::-:x64:*
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7558::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7558::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5624::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22621.5335::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21073::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21073::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.6093::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.6093::::::x86:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5624::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5624::::::arm64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22621.5335::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.6093::::::arm64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.8246::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4652::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4652::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4270::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.6093::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.4270::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3981::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.6093::::::x64:

Details

Source:
NVD

Published:
May 13, 2025

Updated:
May 16, 2025

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined