CVE-2025-32706

high

Description

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

From the Tenable Blog

Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)

Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)

Published: 2025-05-13

Microsoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32706

https://www.infosecurity-magazine.com/news/microsoft-seven-zerodays-may-patch/

https://securityaffairs.com/177856/security/u-s-cisa-adds-microsoft-windows-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://www.securityweek.com/zero-day-attacks-highlight-another-busy-microsoft-patch-tuesday/

https://www.cisa.gov/news-events/alerts/2025/05/13/cisa-adds-five-known-exploited-vulnerabilities-catalog

https://www.theregister.com/2025/05/14/patch_tuesday_may/

https://www.tenable.com/blog/microsofts-june-2025-patch-tuesday-addresses-65-cves-cve-2025-33053

https://www.tenable.com/blog/microsofts-may-2025-patch-tuesday-addresses-71-cves-cve-2025-32701-cve-2025-32706

Details

Source: Mitre, NVD

Published: 2025-05-13

Updated: 2025-05-16

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.08932