Cyber Resilience

CVE-2025-32706

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 13 May 2025

Modified: 27 October 2025
KEV Added: 13 May 2025
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0112 (78.6th percentile)
Risk Priority: 36 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-32706 is a high-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 21.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-32706 is an improper input validation vulnerability (CWE-20) in the Common Log File System Driver component of Microsoft Windows. It received a CVSS 3.1 base score of 7.8.

An authorized local attacker with low privileges can exploit the issue without user interaction to elevate privileges on the affected system, resulting in high impact to confidentiality, integrity, and availability.

Microsoft’s Security Response Center advisory provides official guidance and patches, while third-party resources supply detection and mitigation scripts. The vulnerability appears in CISA’s Known Exploited Vulnerabilities catalog, confirming real-world exploitation activity. Its EPSS score remains low, with a current value of 0.0112 against a peak of 0.0130.

EU & UK References

Vulnerability details

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CWE(s): CWE-20
KEV Date Added: 13 May 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft · windows 10 1507 · ≤ 10.0.10240.21014
microsoft · windows 10 1607 · ≤ 10.0.14393.8066
microsoft · windows 10 1809 · ≤ 10.0.17763.7314
microsoft · windows 10 21h2 · ≤ 10.0.19044.5854
microsoft · windows 10 22h2 · ≤ 10.0.19045.5854
microsoft · windows 11 22h2 · ≤ 10.0.22621.5335
microsoft · windows 11 23h2 · ≤ 10.0.22631.5335
microsoft · windows 11 24h2 · ≤ 10.0.26100.3981
microsoft · windows server 2008 · all versions, r2
microsoft · windows server 2012 · r2
+5 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all inputs to the Common Log File System Driver, blocking the malformed data that triggers the CWE-20 privilege-escalation flaw.

prevent

Mandates prompt installation of the vendor patch that corrects the input-validation defect in the driver before exploitation can succeed.

prevent

Enforces least-privilege restrictions on local accounts and processes, limiting the ability of an authorized user to reach or abuse the vulnerable kernel driver.

References