CVE-2025-29824 - Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Project:Microsoft
Product:Windows
Date Added:2025-04-08Due Date:2025-04-29
Vulnerability Name
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Description
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29824
https://nvd.nist.gov/vuln/detail/CVE-2025-29824
Related News Articles
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx MalwareAugust 19, 2025
Ransomware gangs join ongoing SAP NetWeaver attacksMay 15, 2025
BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic TrojanMay 15, 2025
Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps ServerMay 14, 2025
Play ransomware exploited Windows logging flaw in zero-day attacksMay 7, 2025