CVE-2025-29824

high

Description

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

From the Tenable Blog

Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824)

Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824)

Published: 2025-04-08

Microsoft addresses 121 CVEs including one zero-day which was exploited in the wild.

References

https://www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/

https://www.databreachtoday.com/microsoft-warns-ransomware-actors-exploiting-windows-flaw-a-27960

https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html

https://www.theregister.com/2025/04/08/patch_tuesday_microsoft/

https://www.tenable.com/blog/microsofts-april-2025-patch-tuesday-addresses-121-cves-cve-2025-29824

https://www.securityweek.com/microsoft-patches-125-windows-vulns-including-exploited-clfs-zero-day/

https://www.helpnetsecurity.com/2025/04/08/patch-tuesday-microsoft-zero-day-cve-2025-29824/

https://www.cisa.gov/news-events/alerts/2025/04/08/cisa-adds-two-known-exploited-vulnerabilities-catalog

https://www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/

https://therecord.media/microsoft-zero-day-used-ransomware-attack-real-estate

https://cyberscoop.com/microsoft-patch-tuesday-april-2025/

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29824

Details

Source: Mitre, NVD

Published: 2025-04-08

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High