AI description
CVE-2025-29824 is a use-after-free vulnerability in the Windows Common Log File System (CLFS) driver. Successful exploitation of this vulnerability allows an attacker to elevate their privileges to SYSTEM, meaning they can gain complete control over the affected system. This vulnerability has been exploited in the wild as a zero-day, meaning attackers were actively using it before a patch was available. It has been associated with ransomware attacks, where attackers use the elevated privileges to deploy ransomware. The vulnerability was addressed in Microsoft's April 2025 Patch Tuesday update.
- Description
- Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
- Exploit added on
- Apr 8, 2025
- Exploit action due
- Apr 29, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-416
- Hype score
- Not currently trending
Comment: The exploitation of zero-day vulnerabilities like CVE-2025-29824 truly underscores the need for proactive security measures. In addition to patching, how can organizations b... #RansomwareDefense https://t.co/wQoaIH3byg
@storagetechnews
12 Jun 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Comment: The escalation of privileges via the CLFS driver vulnerability (CVE-2025-29824) highlights the importance of proactive threat hunting and anomaly detection, especially conce... #RansomwareDefense https://t.co/WMELuw3IjK
@storagetechnews
9 Jun 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Symantec's Threat Hunter Team reported that Play ransomware attackers exploited a zero-day vulnerability (CVE-2025-29824) in a U.S. organization, deploying the Grixba infostealer but no ransomware payload during the intrusion. #CyberSecurity https://t.co/MGkXuFMkV1
@Cyber_O51NT
6 Jun 2025
1390 Impressions
9 Retweets
26 Likes
3 Bookmarks
1 Reply
0 Quotes
Storm-2460 just turned your firewall into a welcome mat. 🧙♂️ CVE-2025-29824? They’re already in. Still relying on that 2012 threat report? Cute. We did the research so you don't have to. Read the newsletter. Stay ahead. 👉 https://t.co/x5v1vefCCH #AlphaHunt #Cy
@alphahunt_io
4 Jun 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting... https://t.co/dTVb9ZYiPJ
@SecurityAid
31 May 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Fixes Actively Exploited Windows CLFS Zero-Day (CVE-2025-29824) In response to the ongoing threat landscape reshaping the cybersecurity wor https://t.co/c28VwnwQ6I https://t.co/lNXfQntpBj
@AegisLens
31 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft. The post Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day appeared first on Se...
@SecurityAid
31 May 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Storm-2460 just turned your firewall into a welcome mat. 🧙♂️ CVE-2025-29824? They’re already in. Still relying on that 2012 threat report? Cute. We did the research so you don't have to. Read the newsletter. Stay ahead. 👉 https://t.co/x5v1vegasf #AlphaHunt #Cyb
@alphahunt_io
24 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Play ransomware gang used a Windows zero-day, CVE-2025-29824, to breach a U.S. firm before Microsoft issued a security patch. #CyberSecurity #RansomwareAttack #ZeroDayExploit https://t.co/Vov3xiZKTJ
@CyberSecTV_eu
24 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization https://t.co/oFiZ1oZAHe
@TheCyphere
19 May 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
17 May 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization Threat actors with links to the P 𝗖𝘂𝗿𝗶𝗼𝘂𝘀? 𝗙𝗼𝗹𝗹𝗼𝘄 𝘂𝘀 𝗳𝗼𝗿 𝘁𝗵𝗲 𝗳𝘂𝗹𝗹 𝘀𝘁𝗼𝗿𝘆! @thehackersnews @edgeitech
@Edgeitech
16 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
16 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
2025年、脆弱性の公開から24時間以内に28.3%が悪用されるという調査結果が示された。 ゼロデイ脆弱性の80%はパッチ提供前に攻撃されており、従来の月次パッチ運用では対応が間に合わない状況である。 CVE-2
@yousukezan
14 May 2025
5077 Impressions
17 Retweets
68 Likes
27 Bookmarks
0 Replies
0 Quotes
https://t.co/moILmlv9Gy Play ransomware exploits Windows zero-day vulnerability According to Symantec, the Play ransomware group and affiliated groups are using an exploit targeting the zero-day vulnerability CVE-2025-29824. Although the vulnerability was patched by Microsof
@B2bCyber
14 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
14 May 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
14 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
12 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
11 May 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Storm-2460 just waltzed through CVE-2025-29824 like it was an open bar 🍸 PipeMagic's doing tricks, and your EDR's still "thinking about it" 💤 Skip the guesswork. We did the research. You just read it. 🧠 👉 https://t.co/x5v1vefCCH #AlphaHunt #CyberSecurity
@alphahunt_io
11 May 2025
247 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
10 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Play Ransomware exploited the CVE-2025-29824 vulnerability in Windows before the patch, gaining elevated privileges and full system control. Affected countries include the US, Venezuela, Spain. 🔗https://t.co/ohGeRApIAM #Ransomware #CyberSecurity #ZeroDay #PatchNow htt
@protecticore
10 May 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
باج افزاری به نام play ransomware منتشر شده است که از آسیب پذیری با کد شناسایی (CVE-2025-29824) برای ارتقای سطح دسترسی استفاده می شود. این آسیب پذیری توسط ماکروسافت پچ شد
@AmirHossein_sec
10 May 2025
47 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
10 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
The vulnerability, tracked as CVE-2025-29824, was tagged by Microsoft as exploited in a limited number of attacks and patched during last month's Patch Tuesday. https://t.co/LSntOdQeaC
@luipo_
9 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Threat Alert: Play Ransomware Exploiting Windows 0-Day Vulnerability CVE-2025-29824 📅 Date: 2025-04-08 📆 Timeline: Attack occurred prior to public patch on April 8, 2025, with reconnaissance and exploitation steps executed before detection. Patching and advisories re
@syedaquib77
9 May 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Threat Alert: Balloonfly Ransomware Group Exploits Windows Zero-Day Vulnerability CVE-2025-29824 📅 Date: 2025-04-08 📆 Timeline: Initial exploitation detected early 2025; Microsoft patch released 2025-04-08; ongoing monitoring for further activity. 📍 Location: Uni
@syedaquib77
9 May 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ランサムウェア グループがWindowsのゼロデイ 脆弱性をサイバー攻撃に悪用(CVE-2025-29824) #セキュリティ対策Lab #セキュリティ #Security https://t.co/ypMsAGRb3w
@securityLab_jp
9 May 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Posible explotación activa de CVE-2025-29824 como Zero-Day en Windows 🔍 Se habría identificado una campaña que explota la vulnerabilidad CVE-2025-29824 (CLFS) como un posible zero-day para comprometer sistemas Windows, afectando incluso a organizaciones en EE.UU. y MX
@tpx_Security
8 May 2025
107 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
8 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🗞️ Play Ransomware Gang Exploits Windows CLFS Zero-Day for SYSTEM Privileges The Play ransomware gang leveraged a Windows CLFS zero-day flaw, CVE-2025-29824, to gain SYSTEM privileges and deploy malware in targeted US attacks. Microsoft patched the vulnerability in April 20
@gossy_84
8 May 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Playランサムウェア、Windowsの共通ログファイルシステムにおける脆弱性をゼロデイ攻撃で悪用(CVE-2025-29824) 🇪🇸欧州狙うDDoS攻撃が3月に88%増加、最大の標的はスペイン 〜サイバーアラート 5月8日〜 htt
@MachinaRecord
8 May 2025
53 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Ransomware groups exploited Windows zero-day before patch CVE-2025-29824 let attackers gain system privileges to drop malware like PipeMagic and Grixba. Patch now if you haven’t. https://t.co/RhM5iImQZc #ZeroDay #CVE202529824 #ransomware https://t.co/8GIoQCJB3R
@dCypherIO
7 May 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Threat Alert: Exploitation of Windows Zero-Day CVE-2025-29824 by Multiple Ransomware Groups 📅 Date: 2025-04 📆 Timeline: Initial exploitation detected prior to April 2025 patch release; ongoing ransomware activity observed through April 2025. 📍 Location: United St
@syedaquib77
7 May 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
The Play ransomware gang exploited a critical Windows zero-day flaw (CVE-2025-29824) to escalate privileges, install backdoors, and deploy malware across global sectors including finance & government. Stay aware! ⚠️ #WindowsVuln #GlobalThreats https://t.co/AKXBPRyUn7
@TweetThreatNews
7 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In early May 2025, cybersecurity researchers from Symantec's Threat Hunter Team reported that the Play ransomware group exploited a zero-day vulnerability in Microsoft Windows, identified as CVE-2025-29824, to breach a U.S.-based organization. https://t.co/7nUHUiuLur https://t.co
@CoroMSP
7 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Play ransomware actors exploited a zero-day flaw in Windows (CVE-2025-29824) for privilege escalation, targeting a U.S. org with info theft tools like Grixba disguised as Palo Alto. 🚨 Stay alert. #ZeroDay #US #Threat https://t.co/KarqWgCc3L
@TweetThreatNews
7 May 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization https://t.co/LoWpn9xPyO
@Dinosn
7 May 2025
2225 Impressions
7 Retweets
28 Likes
8 Bookmarks
0 Replies
1 Quote
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization https://t.co/2g83sSGvAn https://t.co/oyQ62TQepI
@talentxfactor
7 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization. Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a... https://t.co/LdsdrSfIe1 #InceptusSecure #UnderOurProtection
@Inceptus3
7 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
7 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Play #Ransomware Exploited #Windows #CVE-2025-29824 as Zero-Day to Breach U.S. Organization https://t.co/tgO53B4ONM
@ScyScan
7 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization https://t.co/iQO70ggc65
@buzz_sec
7 May 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Multiple threat groups exploited the Windows zero-day CVE-2025-29824 before patches, impacting organizations worldwide. Storm-2460 was linked to some attacks using malware. Stay vigilant! 🖥️ #Windows #CyberThreats #Global https://t.co/7ujQO6hotI
@TweetThreatNews
7 May 2025
33 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
📌 استغل مرتكبو هجوم رانسوموار Play ثغرة أمنية حديثة في Windows (CVE-2025-29824) كثغرة يوم الصفر لاستهداف منظمة في الولايات المتحدة. ووفقًا لفريق Symantec Threat Hunter، تم استخ
@Cybercachear
7 May 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📍Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization https://t.co/GQDPJJ5mGt
@cyberetweet
7 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A U.S. org was hit by Play ransomware using CVE-2025-29824 before it was patched. Attackers slipped in via a Cisco ASA, dropped fake Palo Alto files, stole AD data, and planted custom tools — but didn’t launch ransomware. 🔗 Read: https://t.co/6y6DsuyGrT
@TheHackersNews
7 May 2025
12206 Impressions
40 Retweets
88 Likes
18 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2025-29824
@transilienceai
5 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-29824
@transilienceai
4 May 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Storm-2460 just walked through CVE-2025-29824 like it was an open bar 🍸 PipeMagic’s doing tricks, and your EDR’s still “thinking about it” 💤 Skip the guesswork. We did the research. You just read it. 🧠 👉 https://t.co/x5v1vegasf #AlphaHunt #CyberSecurity
@alphahunt_io
2 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "575117BF-9A1E-4B90-85D8-4172A58B3B72",
"versionEndExcluding": "10.0.10240.20978"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "B3B4804C-685B-4F37-92DE-CE73D1B106B4",
"versionEndExcluding": "10.0.10240.20978"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "474622F8-06D4-4AD1-8D72-A674909A7634",
"versionEndExcluding": "10.0.14393.7969"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "559D55D4-2BF2-4B8F-90CA-C6B885334A3E",
"versionEndExcluding": "10.0.14393.7969"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "13A4A79D-8D45-48FA-84F5-CE1A78E8E424",
"versionEndExcluding": "10.0.17763.7136"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "03AB53EC-354E-4F30-A278-2835CA341503",
"versionEndExcluding": "10.0.17763.7136"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "83B3306F-C4EE-45A6-8139-6FAFC46DC696",
"versionEndExcluding": "10.0.19044.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "EDE77D74-EFE2-42C5-A080-AE16F604968B",
"versionEndExcluding": "10.0.19044.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "FDD937C8-E2F9-4A39-8023-E4C06078074E",
"versionEndExcluding": "10.0.19044.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "BCF4434C-9197-405A-BBB3-53EA66ADAC9A",
"versionEndExcluding": "10.0.19045.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "3630C9CC-2C8C-4089-926D-0981277CA599",
"versionEndExcluding": "10.0.19045.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "6D97B26B-F2C1-4C94-B549-FE1728E925EB",
"versionEndExcluding": "10.0.19045.5737"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "350A5C83-A85B-4CC1-81C6-F36C1BE0687E",
"versionEndExcluding": "10.0.22621.5189"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AAB1352F-725F-427E-A3F3-73A48287D0C7",
"versionEndExcluding": "10.0.22621.5189"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "0A9C8BFA-DC5B-4E27-AEA1-0CF52B4FDF88",
"versionEndExcluding": "10.0.22631.5189"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "1718BEDA-0AF8-4A6D-B053-AE746C7617C8",
"versionEndExcluding": "10.0.22631.5189"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "39A448D0-EB9F-42FE-85A2-A4AA88D4CEBD",
"versionEndExcluding": "10.0.26100.3775"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "8B1600DE-F4B9-456C-A42F-5E5CDB2D6DEF",
"versionEndExcluding": "10.0.26100.3775"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A232AB6-1EC5-44E7-AB75-0EB9A5A63259",
"versionEndExcluding": "10.0.14393.7969"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2941A94-927C-4393-B2A0-4630F03B8B3A",
"versionEndExcluding": "10.0.17763.7136"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52706BEC-E3D6-4188-BB88-7078FE4AF970",
"versionEndExcluding": "10.0.20348.3453"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DA8E1E4-0C78-4ADC-9490-4A608D8601FD",
"versionEndExcluding": "10.0.25398.1551"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AA03AE1F-F78C-4864-A1B6-15846AAD4899",
"versionEndExcluding": "10.0.26100.3775"
}
],
"operator": "OR"
}
]
}
]