Cyber Resilience

CVE-2025-32701

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 13 May 2025
Modified: 27 October 2025
KEV Added: 13 May 2025
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0186 (83.5th percentile)
Risk Priority: 37 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-32701 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 16.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-32701 is a use-after-free vulnerability (CWE-416) in the Windows Common Log File System Driver. It carries a CVSS 3.1 base score of 7.8 and affects the driver component responsible for logging operations in supported Windows versions.

An authorized local attacker with low privileges can trigger the flaw to escalate privileges on the target system, resulting in high impact to confidentiality, integrity, and availability without requiring user interaction.

Microsoft has issued an advisory with remediation details at the MSRC update guide, while CISA lists the CVE in its Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation.

EPSS values have remained low, moving only from a peak of 0.0208 to a current score of 0.0186.

Vulnerability details

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CWE(s): CWE-416 (Use After Free)
KEV Date Added: 13 May 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
microsoft | windows 10 1507 | ≤ 10.0.10240.21014
microsoft | windows 10 1607 | ≤ 10.0.14393.8066
microsoft | windows 10 1809 | ≤ 10.0.17763.7314
microsoft | windows 10 21h2 | ≤ 10.0.19044.5854
microsoft | windows 10 22h2 | ≤ 10.0.19045.5854
microsoft | windows 11 22h2 | ≤ 10.0.22621.5335
microsoft | windows 11 23h2 | ≤ 10.0.22631.5335
microsoft | windows 11 24h2 | ≤ 10.0.26100.3981
microsoft | windows server 2008 | all versions, r2
microsoft | windows server 2012 | all versions, r2
+5 more product configuration(s) — see NVD for full list

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly requires applying the vendor security updates that remediate the use-after-free flaw in the CLFS driver before exploitation can succeed.

prevent: Enforces least privilege so that a low-privileged local account cannot reach the SYSTEM-level access obtained after triggering the driver flaw.

prevent: Requires memory-protection mechanisms that can block or complicate exploitation of use-after-free conditions in kernel drivers.
