CVE-2025-32706 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

Exploit added

May 13, 2025

Action due

June 3, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32706

Weakness Enumeration

CWE-ID	CWE Name
CWE-20	Improper Input Validation

Known Affected Software Configurations

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5965::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5737::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7969::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.14393.5989::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.8148::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5854::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20978::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3476::::::arm64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5189::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5737::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3775::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5011::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5965::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7876::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20978::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21014::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5335::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5854::::::arm64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5335::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6414::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5854::::::arm64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.8148::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5191::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7970::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5189::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5965::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5189::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5854::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7876::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5965::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7137::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7136::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3476::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3775::::::arm64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21034::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21034::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20947::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5472::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5737::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5854::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5737::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7136::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5737::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5472::::::arm64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5335::::::arm64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22631.5191::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7009::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5854::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.8066::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5472::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7969::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7970::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.8066::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5965::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7009::::::x86:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5191::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20947::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7428::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7434::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5335::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5189::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5011::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20796::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7434::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3775::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7314::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.7314::::::x86:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5472::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.21014::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5737::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5191::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5965::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.4046::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.4046::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.4046::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.4046::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5458::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5458::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.4046::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5576::::::x86:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.2314::::::x64:
cpe:2.3:o:microsoft:windows_server_2025:-::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1085::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1251::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.763::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1251::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1128::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.763::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1009::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.950::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1189::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1189::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1009::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.887::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.887::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.830::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.830::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.950::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1128::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1085::::azure::x64:*

Details

Source:
NVD

Published:
May 13, 2025

Updated:
May 16, 2025

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined