Detections
Analytics

CVE-2025-29824

high

Description

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29824

https://securelist.com/malware-report-q2-2025-pc-iot-statistics/117421/

https://www.securityweek.com/microsoft-dissects-pipemagic-modular-backdoor/

https://www.darkreading.com/threat-intelligence/pipemagic-backdoor-resurfaces-play-ransomware-attack-chain

https://securityaffairs.com/181286/breaking-news/analyzing-evolution-of-the-pipemagic-malware.html

https://therecord.media/ransomware-gang-masking-pipemagic-backdoor

https://thehackernews.com/2025/08/microsoft-windows-vulnerability.html

https://securelist.com/pipemagic/117270/

https://www.darkreading.com/vulnerabilities-threats/stealth-falcon-apt-exploits-microsoft-rce-zero-day-mideast

https://www.bleepingcomputer.com/news/security/ransomware-gangs-join-ongoing-sap-netweaver-attacks/

https://thehackernews.com/2025/05/bianlian-and-ransomexx-exploit-sap.html

https://www.securityweek.com/second-ransomware-group-caught-exploiting-windows-flaw-as-zero-day/

https://www.bleepingcomputer.com/news/security/play-ransomware-exploited-windows-logging-flaw-in-zero-day-attacks/

https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html

https://securityaffairs.com/177573/cyber-crime/play-ransomware-affiliate-leveraged-zero-day-to-deploy-malware.html

https://www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/

https://www.databreachtoday.com/microsoft-warns-ransomware-actors-exploiting-windows-flaw-a-27960

https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html

https://www.theregister.com/2025/04/08/patch_tuesday_microsoft/

https://www.securityweek.com/microsoft-patches-125-windows-vulns-including-exploited-clfs-zero-day/

https://www.helpnetsecurity.com/2025/04/08/patch-tuesday-microsoft-zero-day-cve-2025-29824/

https://www.cisa.gov/news-events/alerts/2025/04/08/cisa-adds-two-known-exploited-vulnerabilities-catalog

https://www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/

https://therecord.media/microsoft-zero-day-used-ransomware-attack-real-estate

https://cyberscoop.com/microsoft-patch-tuesday-april-2025/

https://www.tenable.com/blog/microsofts-june-2025-patch-tuesday-addresses-65-cves-cve-2025-33053

https://www.tenable.com/blog/microsofts-may-2025-patch-tuesday-addresses-71-cves-cve-2025-32701-cve-2025-32706

https://www.tenable.com/blog/microsofts-april-2025-patch-tuesday-addresses-121-cves-cve-2025-29824

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-29824

Details

Source: Mitre, NVD

Published: 2025-04-08

Updated: 2025-10-27

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01488