Security Update News
Update Information
| Title | About Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-32701, CVE-2025-32706) vulnerabilities |
|---|---|
| Update ID | AVLEONOV:6FCACC7BADE7C9C82195D0FD0D3DEB8A |
| Type | avleonov |
| Published | 2025-06-10T12:14:54 |
| Last Updated | 2025-06-10T12:14:54 |
Security Impact
| CVSS Score | 7.8 |
|---|---|
| Severity | HIGH |
| Attack Vector | LOCAL |
Affected CVEs
- CVE-2025-29824
- CVE-2025-32701
- CVE-2025-32706
Update Details
**About Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-32701, CVE-2025-32706) vulnerabilities.** When Microsoft disclosed these vulnerabilities in the May Patch Tuesday, attackers were already exploiting them in the wild. The Common Log File System (CLFS) is a general-purpose logging service that can be used by software clients running in user-mode or kernel-mode.
The impact of exploiting these vulnerabilities is identical: an attacker can gain SYSTEM privileges. Their CVSS vectors are also the same (Base Score: 7.8).
What’s the difference? Bug type: for CVE-2025-32701 it’s CWE-416: Use After Free, while for CVE-2025-32706 it’s CWE-20: Improper Input Validation. CVE-2025-32701 credits MSTIC, while CVE-2025-32706 credits Google TIG and CrowdStrike ART.
No public exploits or exploitation details yet.  But these vulns are likely being used in ransomware attacks, just like the EoP in CLFS (CVE-2025-29824) from April MSPT. 
На русском