CVERadar

CVE-2025-29824

Critical Severity
Microsoft
SVRS: 73/100
CVSSv3: 7.8/10
EPSS: 0.04332/1

CVE-2025-29824 is a critical use-after-free vulnerability in the Windows Common Log File System (CLFS) Driver, potentially allowing local privilege escalation. This Windows vulnerability received a CVSS score of 7.8, but SOCRadar's Vulnerability Risk Score (SVRS) elevates the concern by giving it a score of 73. While not above the critical threshold of 80, the high SVRS, combined with the "Exploit Available" and "In The Wild" tags, indicates a significant and active threat. Exploitation of this vulnerability could allow an attacker with local access to gain elevated privileges on the system. The vulnerability, categorized as CWE-416, highlights the risk of memory management errors in kernel-mode drivers. Due to active exploits and its presence in the CISA KEV catalog, immediate patching is strongly recommended to mitigate potential risks.

Tags: Vendor-advisory, In The Wild, CISA KEV, Exploit Available
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
2025-04-08

2025-04-16

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability | https://www.cisa.gov/search?g=CVE-2025-29824 | 2025-04-08

News

Microsoft Addresses Entra ID Token Logging Issue, Alerts to Protect Users
Balaji N, 2025-04-21
Microsoft has acknowledged a recent issue that triggered widespread alerts in its Entra ID Protection system, flagging user accounts as high risk due to supposed credential leaks on the dark web. The alerts have been attributed to a combination of an internal token logging error and the rollout of a new security feature called MACE […]
cybersecuritynews.com
U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini, 2025-04-17
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA100 Appliance flaw, tracked as CVE-2021-20035, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an OS Command Injection Vulnerability in the SMA100 management interface. A […] U.S. Cybersecurity and
securityaffairs.co
Windows CLFS Zero-Day CVE-2025-29824 Exploited by Ransomware Group Storm-2460
Dhara Shrivastava, 2025-04-16
A newly disclosed Windows zero-day vulnerability, tracked as CVE-2025-29824, is being actively exploited in cyberattacks to deliver ransomware, Microsoft has warned. This flaw affects the Windows Common Log
blogger.com
Microsoft: CLFS Zero-Day Flaw Exploited in Ransomware Attacks
Viplav Kushwah, 2025-04-16
Ransomware attackers abused a zero-day flaw in a widely used Windows logging system for managing transactional information to launch attacks
blogger.com
⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More
Ajit Jasrotia, 2025-04-14
Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week’s events show a hard truth: it’s not enough to react after an attack. You have to assume […]
cve-2025-31565
cve-2024-53150
cve-2025-25211
cve-2025-2636
14th April – Threat Intelligence Report - Check Point Software
2025-04-14
For the latest discoveries in cyber research for the week of 14th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The United States Office of the Comptroller of the Currency (OCC), an independent bureau of the Department of the Treasury, has suffered a significant security breach. Threat actors have gained access to the bureau’s email messages for a period of a year and a half. According to the agency’s disclosure, the messages included “highly sensitive information relating to the financial condition of federally regulated financial
google.com
⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More - The Hacker News
2025-04-14
Attackers aren't waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week's events show a hard truth: it's not enough to react after an attack. You have to assume that any system you trust today could fail tomorrow. In a world where AI tools can be used against you and ransomware hits faster than
google.com

Social Media

#thisweekinmalware Episode 251 Part 2: How To Remove CVE-2025-29824 Zero-Day Vulnerability Used in #Ransomware Attacks https://t.co/ph8TqNhqqa #zeroday #infosec #cybersec #cybercrime #cyberattack #cybersecurity #malware #vulnerability #hackers
Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824) https://t.co/KDBkBei267 https://t.co/Py3DR3gSgN
Windows zero-day (CVE-2025-29824) hit by ransomware! Patched, but are you safe? Share tips! #Cybersecurity #OSINT #Ransomware https://t.co/HJdG6QtPov
#thisweekinmalware Episode 251: Avoid Nuvid.(dot)com Adult Site, Why Remove CVE-2025-29824 Vulnerability & PicoTachyonen App https://t.co/V6CelQVAyT #malware #infosec #cybersec #cyberattack #cybercrime #CyberSecurity #hackers #adware #ads #redirect
🚨 New Windows zero-day (CVE-2025-29824) exploited in ransomware attacks! ⚡ Attackers used PipeMagic malware, hidden in MSBuild files, and hijacked legit sites to spread payloads. Linked to RansomEXX gang. 🔒 Patch ASAP if you haven't! https://t.co/P6VRAkXrIU
🚨 Microsoft released security updates in April 2025, fixing 125 vulnerabilities, 11 of them critical. The highlight is the zero-day CVE-2025-29824, which allows elevation of privileges on Windows 10. It is important to stay alert to these threats. Consider this a warning!
@IM_SAJJAD_ Today's top cybersecurity news: 1. Windows Zero-Day Exploit: A critical vulnerability, CVE-2025-29824, in the Windows Common Log File System is being exploited by ransomware groups like Storm-2460. It allows privilege escalation, risking data breaches across sectors like IT and
CYBERSECURITY INTEL: PipeMagic Trojan Exploits Windows Zero-Day (CVE-2025-29824) { "threat": "PipeMagic Trojan", "vulnerability": { "cve": "CVE-2025-29824", "component": "Windows Common Log File System (CLFS)", "impact": "Privilege Escalation to SYSTEM",
Microsoft's latest patch addresses 125 Windows vulnerabilities, including the critical CLFS zero-day (CVE-2025-29824) under active exploitation. Stay updated and secure! 🔐 #CyberSecurity #Microsoft #ZeroDay https://t.co/wtV5HSwcoT
⚡ This week highlights a critical Windows zero-day vulnerability (CVE-2025-29824) and ESET antivirus flaw exposing users to malware. Threats evolve, urging stronger defenses. #WindowsZeroDay #ESETAlert #USA link: https://t.co/vqyuXRvudd https://t.co/VffSjxGWa1

Affected Software

Configuration 1
Type | Vendor | Product
OS | Microsoft | windows_server_2012

References

Reference | Link
WINDOWS COMMON LOG FILE SYSTEM DRIVER ELEVATION OF PRIVILEGE VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29824
AF854A3A-2127-422B-91AE-364DA2661108 | https://www.vicarius.io/vsociety/posts/cve-2025-29824-windows-common-log-file-system-driver-elevation-of-privilege-vulnerability-detection-script
AF854A3A-2127-422B-91AE-364DA2661108 | https://www.vicarius.io/vsociety/posts/cve-2025-29824-windows-common-log-file-system-driver-elevation-of-privilege-vulnerability-mitigation-script

CWE Details

CWE ID | CWE Name | Description
CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
