Back to KEVs

CVE-2025-32706

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Basic Information

CVE State
PUBLISHED
Reserved Date
April 09, 2025
Published Date
May 13, 2025
Last Updated
May 29, 2025
Vendor
Microsoft
Product
Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)
Description
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Tags
windows cisa microsoft

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

EPSS Score

Score
10.51% (Percentile: 92.84%) as of 2025-06-10

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-05-13 00:00:00 UTC) Source

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32706

Known Exploited Vulnerability Information

Source Added Date
CISA 2025-05-13 00:00:00 UTC

Recent Mentions

Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053)

Source: Tenable Blog • Published: 2025-06-10 17:44:53 UTC

9Critical56Important0Moderate0LowMicrosoft addresses 65 CVEs, including two zero-day vulnerabilities, with one being exploited in the wild.Microsoft addresses 65 CVEs in its June 2025 Patch Tuesday release, with nine rated critical, and 56 rated as important. Our counts omitted one vulnerability reported by CERT CC.This month’s update includes patches for:.NET and Visual StudioApp Control for Business (WDAC)Microsoft AutoUpdate (MAU)Microsoft Local Security Authority Server (lsasrv)Microsoft OfficeMicrosoft Office ExcelMicrosoft Office OutlookMicrosoft Office PowerPointMicrosoft Office SharePointMicrosoft Office WordNuance Digital Engagement PlatformPower AutomateRemote Desktop ClientVisual StudioWebDAVWindows Common Log File System DriverWindows Cryptographic ServicesWindows DHCP ServerWindows DWM Core LibraryWindows HelloWindows InstallerWindows KDC Proxy Service (KPSSVC)Windows KernelWindows Local Security Authority (LSA)Windows Local Security Authority Subsystem Service (LSASS)Windows MediaWindows NetlogonWindows Recovery DriverWindows Remote Access Connection ManagerWindows Remote Desktop ServicesWindows Routing and Remote Access Service (RRAS)Windows SDKWindows SMBWindows Security AppWindows ShellWindows Standards-Based Storage Management ServiceWindows Storage Management ProviderWindows Storage Port DriverWindows Win32K GRFXRemote code execution (RCE) vulnerabilities accounted for 38.5% of the vulnerabilities patched this month, followed by information disclosure vulnerabilities at 26.2%.ImportantCVE-2025-33053 | Web Distributed Authoring and Versioning (WebDAV) Remote Code Execution VulnerabilityCVE-2025-33053 is a RCE in Web Distributed Authoring and Versioning (WebDAV). It was assigned a CVSSv3 score of 8.8 and is rated important. An attacker could exploit this vulnerability through social engineering, by convincing a target to open a malicious URL or file. Successful exploitation would give the attacker the ability to execute code on the victim’s...
5Critical66Important0Moderate0LowMicrosoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild.Microsoft patched 71 CVEs in its May 2025 Patch Tuesday release, with five rated critical and 66 rated as important.This month’s update includes patches for:.NET, Visual Studio, and Build Tools for Visual StudioActive Directory Certificate Services (AD CS)AzureAzure AutomationAzure DevOpsAzure File SyncAzure Storage Resource ProviderMicrosoft Brokering File SystemMicrosoft DataverseMicrosoft Defender for EndpointMicrosoft Defender for IdentityMicrosoft Edge (Chromium-based)Microsoft OfficeMicrosoft Office ExcelMicrosoft Office OutlookMicrosoft Office PowerPointMicrosoft Office SharePointMicrosoft PC ManagerMicrosoft Power AppsMicrosoft Scripting EngineRemote Desktop Gateway ServiceRole: Windows Hyper-VUniversal Print Management ServiceUrlMonVisual StudioVisual Studio CodeWeb Threat Defense (WTD.sys)Windows Ancillary Function Driver for WinSockWindows Common Log File System DriverWindows Deployment ServicesWindows DriversWindows DWMWindows File ServerWindows FundamentalsWindows Hardware Lab KitWindows InstallerWindows KernelWindows LDAP - Lightweight Directory Access ProtocolWindows MediaWindows NTFSWindows Remote DesktopWindows Routing and Remote Access Service (RRAS)Windows Secure Kernel ModeWindows SMBWindows Trusted Runtime Interface DriverWindows Virtual Machine BusWindows Win32K - GRFXRemote code execution (RCE) vulnerabilities accounted for 39.4% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 25.4%.ImportantCVE-2025-30385, CVE-2025-32701 and CVE-2025-32706 | Windows Common Log File System Driver Elevation of Privilege VulnerabilitiesCVE-2025-30385, CVE-2025-32701 and CVE-2025-32706 are EoP vulnerabilities in the Windows Common Log File System (CLFS) Driver. Each was assigned a CVSSv3 score of 7.8 and are rated as important. Both CVE-2025-32701 and CVE-2025-32706 were...

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Source: All CISA Advisories • Published: 2025-05-13 12:00:00 UTC

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-30400 Microsoft Windows DWM Core Library Use-After-Free Vulnerability CVE-2025-32701 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability CVE-2025-32706 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability CVE-2025-30397 Microsoft Windows Scripting Engine Type Confusion Vulnerability CVE-2025-32709 Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Timeline

  • CVE ID Reserved

  • Added to KEVIntel

  • CVE Published to Public