CVE-2025-32706 · HIGH 7.8 · CISA KEV · EPSS p77.5%

CVE-2025-32706: Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

Microsoft / Windows

Description

Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.

Scoring

CVSS 3.1: 7.8 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.94% probability of exploitation · percentile 77.5% · 2026-06-18T12:00:27Z
Published: 2025-05-13
Last modified: 2025-10-27

CISA KEV entry

Added to KEV: 2025-05-13

Underlying weaknesses · 1

CWE-20

References

  1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32706
  2. https://www.vicarius.io/vsociety/posts/cve-2025-32706-detection-script-elevation-of-privilege-vulnerability-in-microsoft-windows-common-log-file-system-driver
  3. https://www.vicarius.io/vsociety/posts/cve-2025-32706-mitigation-script-elevation-of-privilege-vulnerability-in-microsoft-windows-common-log-file-system-driver
  4. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32706

1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Input Validation (cwe-20) | 0% | live |

(incoming) 1

| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability (kev-cve-2025-32706) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
CVE: CVE-2026-40397
CVE: CVE-2023-23376
CVE: Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
CVE: Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability
CVE: Microsoft Windows CLFS Driver Privilege Escalation Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.