Detections
Analytics

CVE-2025-32706

high

Description

Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

From the Tenable Blog

Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)
Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)

Published: 2025-05-13

Microsoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32706

https://www.cisa.gov/news-events/alerts/2025/05/13/cisa-adds-five-known-exploited-vulnerabilities-catalog

Details

Source: Mitre, NVD

Published: 2025-05-13

Updated: 2025-05-14

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High