Skip to main content

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:42 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
10.0.22631.5472,10.0.17763.7434,10.0.26100.4349
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17791
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
CVE Published
Jun 10, 2025 - 17:21 nvd
HIGH 7.8

DescriptionCVE.org

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

AnalysisAI

Heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) Driver that allows local authenticated attackers to achieve privilege escalation with high confidence of exploitation. The vulnerability affects Windows systems with the CLFS driver enabled and requires local access with standard user privileges; successful exploitation grants complete system compromise including code execution at SYSTEM level. While no public POC is confirmed in available intelligence, the straightforward nature of heap overflows and the high CVSS score (7.8) with low attack complexity indicate active research interest and potential for rapid weaponization.

Technical ContextAI

The Common Log File System (CLFS) is a Windows kernel-mode driver component that provides a high-performance, general-purpose logging mechanism used by various Windows subsystems. CLFS is implemented in clfs.sys and processes kernel-level logging requests through system calls. The vulnerability is classified as CWE-122 (Heap-based Buffer Overflow), indicating that improper bounds checking in memory allocation or data copying operations within the CLFS driver allows an attacker-controlled buffer to overflow heap memory. This specific class of vulnerability in kernel drivers is particularly dangerous because: (1) heap metadata corruption can lead to arbitrary code execution, (2) kernel execution context means privilege level escalation to SYSTEM, and (3) the driver operates at ring-0 privilege level. The root cause likely stems from insufficient validation of log record sizes, transaction parameters, or user-supplied data passed through CLFS IOCTLs without proper length verification before heap operations.

RemediationAI

Immediate actions: (1) Apply Windows security updates released by Microsoft addressing CVE-2025-32713—patches will update clfs.sys with bounds checking fixes; (2) If patch unavailable, implement access controls restricting local login to trusted users only, disabling unnecessary local accounts and guest access; (3) Monitor for exploitation attempts via Event ID 4688 (process creation) and kernel debugging logs for clfs.sys exceptions. Specific patch versions should be obtained from Microsoft Security Updates portal—Windows Update or WSUS deployment recommended. For systems unable to patch immediately: disable CLFS if not required (requires reboot and verification of dependent services), implement device guard/credential guard to isolate processes, and apply AppLocker policies restricting execution of suspicious applications. Long-term: maintain current Windows patching cadence and subscribe to Microsoft Security Response Center advisories.

CVE-2021-40444 HIGH POC
8.8 Sep 15

Windows MSHTML component contains a remote code execution vulnerability that allows attackers to craft malicious ActiveX

CVE-2021-1732 HIGH POC
7.8 Feb 25

Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by

CVE-2018-8174 HIGH POC
7.5 May 09

The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system co

CVE-2019-0803 HIGH POC
7.8 Apr 09

Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation exploited in the wild in

CVE-2020-1472 MEDIUM POC
5.5 Aug 17

A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation pr

CVE-2024-30088 HIGH POC
7.0 Jun 11

Windows Kernel contains a TOCTOU race condition vulnerability allowing local privilege escalation, exploited by the OilR

CVE-2025-33053 HIGH POC
8.8 Jun 10

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables

CVE-2025-33073 HIGH POC
8.8 Jun 10

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker

CVE-2025-13315 CRITICAL POC
9.3 Nov 19

Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API b

CVE-2013-10047 CRITICAL POC
9.3 Aug 01

An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote

CVE-2012-10030 CRITICAL POC
9.3 Aug 05

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit

CVE-2025-34101 CRITICAL POC
9.3 Jul 10

Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/actio

Share

EUVD-2025-17791 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy