CVE-2025-29824

high

Description

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

From the Tenable Blog

Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824)

Published: 2025-04-08

Microsoft addresses 121 CVEs including one zero-day which was exploited in the wild.

Details

Source: Mitre, NVD

Published: 2025-04-08

Updated: 2025-05-14

Named Vulnerability: ZTA Microsoft Windows Common Log File System (CLFS) Driver flaw

Named Vulnerability: CLFS Zero-Day

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.19164