CVE-2025-32701

Published May 13, 2025

Last updated 6 days ago

Exploit knownCVSS high 7.8

Overview

Description
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Source
secure@microsoft.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Exploit added on
May 13, 2025
Exploit action due
Jun 3, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-416

Social media

Hype score
Not currently trending

  1. Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) https://t.co/WRh4BF2KY6 https://t.co/1rh4OfaBoF

    @IT_Peurico

    21 May 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Actively exploited CVE : CVE-2025-32701

    @transilienceai

    21 May 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2025-32701

    @transilienceai

    21 May 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2025-32701

    @transilienceai

    20 May 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2025-32701

    @transilienceai

    19 May 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-32701

    @transilienceai

    19 May 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. همانطور که چند روز پیش اعلام کردیم ، دو آسیب پذیری از نوع privilege escalation با کدهای شناسایی CVE-2025-32706 و CVE-2025-32701 برای Common Log File System یا همان CLFS ویندوز منتشر شده است.

    @AmirHossein_sec

    18 May 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2025-32701

    @transilienceai

    18 May 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2025-32701

    @transilienceai

    17 May 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2025-32701

    @transilienceai

    17 May 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) https://t.co/Dq8Qb3AqIK https://t.co/vQHwQpv1jS

    @ggrubamn

    16 May 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Actively exploited CVE : CVE-2025-32701

    @transilienceai

    16 May 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Actively exploited CVE : CVE-2025-32701

    @transilienceai

    16 May 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) https://t.co/2O9bm9ajQf https://t.co/iRfSNnHrjK

    @secured_cyber

    15 May 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) https://t.co/oCqgFJSpID https://t.co/to0H1eqA5i

    @PintoriAlice

    15 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. ¡ Actualización crítica! @Microsoft lanzó su Patch Tuesday de mayo 2025, corrigiendo 71 vulnerabilidades, incluidas 7 de día cero, 5 explotadas activamente. Se debe priorizar la aplicación de parches, especialmente para CVE-2025-32701 y CVE-2025-32706 en el Windows CLFS

    @juan_carrillo

    14 May 2025

    464 Impressions

    3 Retweets

    9 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  17. Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) https://t.co/fVLEHRDIAv https://t.co/nNKlRk6IFJ

    @Art_Capella

    14 May 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Ujawniono pięć aktywnie wykorzystywanych luk zero-day w systemie Windows 💣 CVE-2025-30397 – zdalne wykonanie kodu przez przeglądarkę (RCE) 💣 CVE-2025-32701 i CVE-2025-32706 – podniesienie uprawnień w CLFS 💣 CVE-2025-30400 – podniesienie uprawnień w D

    @Sekurak

    14 May 2025

    4227 Impressions

    6 Retweets

    40 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  19. Actively exploited CVE : CVE-2025-32701

    @transilienceai

    14 May 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) https://t.co/51odky3E8b https://t.co/xMMH7BdTJT

    @Trej0Jass

    14 May 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400) https://t.co/ymqJiQPblS https://t.co/UWmtTifko4

    @dansantanna

    14 May 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-32701 #Microsoft #Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability https://t.co/FIjkFvgvLa

    @ScyScan

    13 May 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. CVE-2025-32701 Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. https://t.co/vfXPZIjRRn

    @CVEnew

    13 May 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.