CVE DATABASE / CVE-2025-32706
CVE-2025-32706
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Confirmed exploited in the wild. Added 2025-05-13.
Federal remediation due 2025-06-03.
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Summary
Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
Data: NIST NVD + CISA KEV. Always verify against the vendor advisory before acting.