A critical security vulnerability in the Windows Common Log File System Driver (CLFS) allows attackers to escalate their privileges to SYSTEM-level access.
The vulnerability, tracked as CVE-2025-32713, was released on June 10, 2025, and affects multiple Windows operating systems from legacy versions to the latest Windows 11 and Windows Server 2025.
The vulnerability stems from a heap-based buffer overflow in the Windows Common Log File System Driver, classified under CWE-122: Heap-based Buffer Overflow.
Heap-Based Buffer Overflow in Windows CLFS Driver
Microsoft has assigned this vulnerability an “Important” severity rating with a CVSS 3.1 score of 7.8/6.8.
The CVSS vector string CVSS:3.1 indicates that while the attack vector is local, it requires low attack complexity and low privileges, with no user interaction needed.
The vulnerability’s attack characteristics make it particularly concerning for enterprise environments. An attacker who successfully exploits this flaw could gain SYSTEM privileges, representing the highest level of access in Windows systems.
The exploit assessment indicates “Exploitation More Likely,” though Microsoft confirms that the vulnerability has not been publicly disclosed or exploited in the wild as of the disclosure date.
Security researcher Seunghoe Kim with S2W Inc. discovered and reported this vulnerability through Microsoft’s coordinated vulnerability disclosure program.
The heap-based buffer overflow allows authenticated attackers to manipulate memory allocation processes within the Common Log File System Driver, potentially leading to arbitrary code execution with elevated privileges.
| Risk Factors | Details |
|---|---|
| Affected Products | Windows Client OS: 10 (1607, 1809, 21H2, 22H2), 11 (22H2, 23H2, 24H2); Windows Server OS: 2008, 2012/R2, 2016, 2019, 2022, 2025 |
| Impact | SYSTEM-level privilege escalation |
| Exploit Prerequisites | Local system access, low-privilege user account |
| CVSS 3.1 Score | 7.8 (Important) |
Affected Systems and Security Updates
The vulnerability affects an extensive range of Windows operating systems, demonstrating the widespread nature of the Common Log File System Driver component.
Affected systems include Windows 10 versions 1607, 1809, 21H2, and 22H2, Windows 11 versions 22H2, 23H2, and 24H2, and multiple Windows Server editions, including Windows Server 2008, 2012, 2016, 2019, 2022, and the latest Windows Server 2025.
Microsoft has released comprehensive security updates across all affected platforms. For Windows 11 version 23H2, the security update KB5060999 brings systems to build 10.0.22631.5472.
Windows 10 version 22H2 users should apply update KB5060533 to reach build 10.0.19045.5965. Windows Server 2025 receives dual updates KB5060842 and KB5060841, updating to builds 10.0.26100.4349 and 10.0.26100.4270, respectively.
Legacy systems aren’t forgotten in this patch cycle. Windows Server 2012 R2 receives Monthly Rollup KB5061018, updating to version 6.3.9600.22620, while Windows Server 2008 systems get updates KB5061026 and KB5061072, reaching version 6.0.6003.23351.
Organizations should prioritize the immediate deployment of these security updates given the vulnerability’s potential for privilege escalation attacks.
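To find hosts still below the fixed builds quoted above, an inventory export of OS version strings can be compared against them. The script below is an added example, not code from this article or from Microsoft; the host names, sample versions and status labels are constructed assumptions, and releases for which the article gives no fixed build are reported as unknown rather than guessed.

```python
# Added example: compare inventory version strings with the fixed builds
# quoted in the article. Host names and sample versions are constructed.

# (major, minor, build) -> (lowest fixed revision, other exact fixed revisions)
FIXED_BUILDS = {
    (10, 0, 22631): (5472, frozenset()),        # Windows 11 23H2, KB5060999
    (10, 0, 19045): (5965, frozenset()),        # Windows 10 22H2, KB5060533
    (10, 0, 26100): (4349, frozenset({4270})),  # Server 2025, KB5060842 / KB5060841
    (6, 3, 9600): (22620, frozenset()),         # Server 2012 R2, KB5061018
    (6, 0, 6003): (23351, frozenset()),         # Server 2008, KB5061026 / KB5061072
}


def parse_version(text):
    """Split 'major.minor.build.revision' into four integers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Windows version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(version):
    """Return 'patched', 'missing-update' or 'unknown' for one version string."""
    try:
        major, minor, build, revision = parse_version(version)
    except ValueError:
        return "unknown"  # malformed inventory value
    entry = FIXED_BUILDS.get((major, minor, build))
    if entry is None:
        return "unknown"  # build line the article gives no fixed build for
    lowest_fixed, exact_fixed = entry
    if revision >= lowest_fixed or revision in exact_fixed:
        return "patched"
    return "missing-update"


def audit(inventory):
    """Group host names by status for an iterable of (host, version) pairs."""
    report = {"patched": [], "missing-update": [], "unknown": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return report


SAMPLE_INVENTORY = [  # constructed rows
    ("ws-01", "10.0.22631.5472"), ("ws-02", "10.0.22631.5335"),
    ("srv-01", "10.0.26100.4270"), ("srv-02", "10.0.26100.4061"),
    ("srv-03", "10.0.20348.3807"), ("srv-04", "n/a"),
]
```

Comparing build revisions rather than looking for one KB number keeps the check valid after later cumulative updates replace the June packages.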
Microsoft recommends following standard security practices, including implementing defense-in-depth strategies, maintaining updated endpoint protection, and monitoring for unusual privilege escalation activities in security logs.