CVE-2025-29824

high

Description

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

From the Tenable Blog

Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824)

Published: 2025-04-08

Microsoft addresses 121 CVEs including one zero-day which was exploited in the wild.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29824

https://securelist.com/malware-report-q2-2025-pc-iot-statistics/117421/

https://www.securityweek.com/microsoft-dissects-pipemagic-modular-backdoor/

https://www.darkreading.com/threat-intelligence/pipemagic-backdoor-resurfaces-play-ransomware-attack-chain

https://securityaffairs.com/181286/breaking-news/analyzing-evolution-of-the-pipemagic-malware.html

https://therecord.media/ransomware-gang-masking-pipemagic-backdoor

https://thehackernews.com/2025/08/microsoft-windows-vulnerability.html

https://securelist.com/pipemagic/117270/

https://www.darkreading.com/vulnerabilities-threats/stealth-falcon-apt-exploits-microsoft-rce-zero-day-mideast

https://www.bleepingcomputer.com/news/security/ransomware-gangs-join-ongoing-sap-netweaver-attacks/

https://thehackernews.com/2025/05/bianlian-and-ransomexx-exploit-sap.html

https://www.securityweek.com/second-ransomware-group-caught-exploiting-windows-flaw-as-zero-day/

https://www.bleepingcomputer.com/news/security/play-ransomware-exploited-windows-logging-flaw-in-zero-day-attacks/

https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html

https://securityaffairs.com/177573/cyber-crime/play-ransomware-affiliate-leveraged-zero-day-to-deploy-malware.html

https://www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/

https://www.databreachtoday.com/microsoft-warns-ransomware-actors-exploiting-windows-flaw-a-27960

https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html

https://www.theregister.com/2025/04/08/patch_tuesday_microsoft/

https://www.securityweek.com/microsoft-patches-125-windows-vulns-including-exploited-clfs-zero-day/

https://www.helpnetsecurity.com/2025/04/08/patch-tuesday-microsoft-zero-day-cve-2025-29824/

https://www.cisa.gov/news-events/alerts/2025/04/08/cisa-adds-two-known-exploited-vulnerabilities-catalog

https://www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/

https://therecord.media/microsoft-zero-day-used-ransomware-attack-real-estate

https://cyberscoop.com/microsoft-patch-tuesday-april-2025/

https://www.tenable.com/blog/microsofts-june-2025-patch-tuesday-addresses-65-cves-cve-2025-33053

https://www.tenable.com/blog/microsofts-may-2025-patch-tuesday-addresses-71-cves-cve-2025-32701-cve-2025-32706

https://www.tenable.com/blog/microsofts-april-2025-patch-tuesday-addresses-121-cves-cve-2025-29824

Details

Source: Mitre, NVD

Published: 2025-04-08

Updated: 2025-05-14

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.19164

Detections

Analytics