CVE-2025-29824

Published Apr 8, 2025

Last updated 2 days ago

Exploit knownCVSS high 7.8
Windows
CLFS

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-29824 is a use-after-free vulnerability in the Windows Common Log File System (CLFS) driver. Successful exploitation of this vulnerability allows an attacker to elevate their privileges to SYSTEM, meaning they can gain complete control over the affected system. This vulnerability has been exploited in the wild as a zero-day, meaning attackers were actively using it before a patch was available. It has been associated with ransomware attacks, where attackers use the elevated privileges to deploy ransomware. The vulnerability was addressed in Microsoft's April 2025 Patch Tuesday update.

Description
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Source
secure@microsoft.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Exploit added on
Apr 8, 2025
Exploit action due
Apr 29, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-416

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

2

  1. Microsoft Windows, Exploitation de la faille de Sécurité CVE-2025-29824 dans CLFS (Common Log File System) https://t.co/xSaoRICEpx

    @NicolasCoolman

    13 Apr 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Actively exploited CVE : CVE-2025-29824

    @transilienceai

    12 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Windows’ta Kritik Güvenlik Açığı: CVE-2025-29824 Saldırı Altında! Güncellemeleri Hemen Yükleyin https://t.co/zpmHvSuJYa https://t.co/c3S1iznwhc

    @cozumpark

    12 Apr 2025

    245 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Actively exploited CVE : CVE-2025-29824

    @transilienceai

    12 Apr 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Critical zero-day vulnerability CVE-2025-29824 in Windows CLFS exploited by Storm-2460 using PipeMagic malware, impacting sectors globally. Urgent patch released on April 8, 2025. ⚠️ #Microsoft #Venezuela #MalwareThreats link: https://t.co/d2JXAt013I https://t.co/wpbhlps5gr

    @TweetThreatNews

    12 Apr 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Microsoft has rolled out a crucial security update for 126 vulnerabilities affecting Windows, Office, and Azure. Notably, CVE-2025-29824 is actively exploited. Stay secure! 🔒 #Microsoft #Vulnerabilities #USA link: https://t.co/MwdPjkVyUi https://t.co/wMpVfFsTPU

    @TweetThreatNews

    12 Apr 2025

    37 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 #AlerteCyber : Microsoft confirme une faille #ZeroDay active (CVE-2025-29824) sur #Windows10/11 ! 🔓 Exploitée par RansomEXX pour installer des #ransomwares 🛡️ Correctifs : Win11 : KB5055523/28 URGENT Win10 : KB5055518 (+ patch à venir) 📅 Patché le 09/04 mais exploité depuis

    @wowo_lamah

    12 Apr 2025

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2025-29824

    @transilienceai

    11 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824) https://t.co/6EwECrRjbO https://t.co/cT8ctBj8Gw

    @dansantanna

    11 Apr 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Actively exploited CVE : CVE-2025-29824

    @transilienceai

    11 Apr 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. CVE-2025-29824 Zero Day PipeMagic Detection.kql https://t.co/W4p7JVt0Nz https://t.co/OQEV0rewSw https://t.co/kbutTfGvDT

    @0x534c

    11 Apr 2025

    2606 Impressions

    10 Retweets

    50 Likes

    26 Bookmarks

    1 Reply

    0 Quotes

  12. From Exploit to Ransomware: Detecting CVE-2025-29824 https://t.co/DD8ooLY3kl The Microsoft Security blog highlights the active exploitation of CVE-2025-24983, a zero-day vulnerability in the Windows Common Log File System (CLFS) that allows local privilege escalation to SYSTE…

    @f1tym1

    11 Apr 2025

    25 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  13. 윈도우 취약점 CVE-2025-29824을 악용한 랜섬웨어 공격 주의 https://t.co/7I2oJ9uulu #랜섬웨어 #취약점 #ransomeware

    @sakaijjang

    11 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. We added Microsoft Windows and Gladinet CentreStack vulnerabilities CVE-2025-29824 & CVE-2025-30406 to our Known Exploited Vulnerabilities Catalog. mitigations to protect your org from cyberattacks. #InfoSec https://t.co/e4qh8xysog

    @GlobalCyberCom

    10 Apr 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. ALERTĂ DE SECURITATE: Vulnerabilitate critică zero-day în Windows. CVE-2025-29824, exploatată activ de grupări cibernetice - https://t.co/DjcSxua8ze https://t.co/CfDWvmZBiX

    @InsiderNews_ro

    10 Apr 2025

    20 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CISA Issues New Vulnerability Alert — CVE-2025-29824 Actively Exploited The Cybersecurity and Infrastructure Security Agency (@CISAgov) has added CVE-2025-29824 to its Known Exploited Vulnerabilities Catalog, highlighting a critical threat targeting the Windows Common Log File

    @ExploitCritical

    10 Apr 2025

    54 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. The Windows CLFS zero-day exploit (CVE-2025-29824) was a security flaw hackers used to hijack PCs with ransomware It exploited a weak log file system to grab 'SYSTEM' access Globally, firms in the US, Venezuela, Spain, and Saudi Arabia got hit, losing data and facing chaos http

    @CryptoFriso

    10 Apr 2025

    211 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    2 Replies

    0 Quotes

  18. 🚨 Alertă – Vulnerabilitate critică de securitate cibernetică identificată la nivelul Microsoft Windows (CVE-2025-29824) 🚨 🔎 Vulnerabilitate critică exploatată activ în aprilie 2025 Microsoft a publicat patch-ul de securitate „Patch Tuesday” care remediază peste 120 de https:/

    @DNSC_RO

    10 Apr 2025

    99 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  19. Actively exploited CVE : CVE-2025-29824

    @transilienceai

    10 Apr 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. 🚨 مايكروسوفت تؤكد استغلال ثغرة يوم الصفر في Windows CLFS (CVE-2025-29824) لتنفيذ هجمات فدية استهدفت قطاع التجزئة في 🇸🇦 السعودية عبر برمجية PipeMagic. التحديثات الأمنية متوفرة الآن. 📌 التفاصيل عبر سايبركاست: ادناه https://t.co/QPuVrQubJg

    @cyberscastx

    10 Apr 2025

    2841 Impressions

    5 Retweets

    18 Likes

    11 Bookmarks

    1 Reply

    0 Quotes

  21. Storm-2460's #PipeMagic turns banks into open vaults. Still relying on '90s security? #Patch CVE-2025-29824 now or pay later. 🏦🔓 https://t.co/x5v1vefCCH #AlphaHunt #AskYourTIP #CyberSecurity #CTI

    @alphahunt_io

    10 Apr 2025

    3 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 ثغرة أمنية خطيرة في نظام تسجيل ملفات ويندوز تهدد القطاعات الحيوية! CVE-2025-29824 تتيح للمهاجمين تصعيد الامتيازات. القطاعات المستهدفة: تكنولوجيا المعلومات، القطاع المالي، البرمجيات، التجزئة. للمزيد: https://t.co/CB21fdkNZw 🛡️ #الأمن_السيبراني #مايكروسوفت #برامج_الفدية

    @CYBRAT_NET

    10 Apr 2025

    46 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Microsoft’s April 2025 Patch Tuesday: 126 fixes, 1 zero-day (CVE-2025-29824) live in the wild, ransomware vibes from Storm-2460. EoP & RCE bugs galore. Update ASAP—full scoop here: https://t.co/rUb6vm2jax #MicrosoftForms #cybersecurite

    @MehtaUnfiltered

    10 Apr 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. This week's major security updates: Microsoft fixed 120+ bugs incl. a zero-day (CVE-2025-29824), Adobe fixed critical ColdFusion & other app issues, and beware of malicious SourceForge downloads. #securityupdates

    @CyberWatch_News

    10 Apr 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824) https://t.co/6oPIQv4dfh https://t.co/7t0jl7SLCZ

    @NickBla41002745

    10 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. ثغرة Zero Day جديدة تهز نظام Windows وتستغل فعلياً في هجمات فدية! 💣🛡️ (1/7) 🔍 اسم الثغرة: CVE-2025-29824 المكان: نظام CLFS في Windows التهديد: يُمكن للمهاجمين استغلالها لرفع الصلاحيات، والسيطرة الكاملة على النظام 💻⚠️ #سايبر #الأمن_السيبراني #Windows #ثغرات #CyberSecurity http

    @CyberTask

    10 Apr 2025

    5945 Impressions

    10 Retweets

    89 Likes

    43 Bookmarks

    1 Reply

    0 Quotes

  27. Actively exploited CVE : CVE-2025-29824

    @transilienceai

    10 Apr 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログで、Windows CLFSドライバの脆弱性CVE-2025-29824と、CrushFTPの脆弱性CVE-2025-31161がランサムウェアに悪用されたことが確認された。 https://t.co/yygT1Uwj2s

    @__kokumoto

    9 Apr 2025

    925 Impressions

    0 Retweets

    6 Likes

    2 Bookmarks

    3 Replies

    0 Quotes

  29. Microsoft released crucial Patch Tuesday updates, fixing multiple vulnerabilities, including critical flaws and a zero-day (CVE-2025-29824) in the CLFS driver, alongside critical RDP 🖥️ and LDAP 🌐 issues. Update now to stay safe! 🔒 #MicrosoftPatchTuesday #SecurityUpdate https:

    @CyberWolfGuard

    9 Apr 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. We erroneously posted that no patches were available for Windows 10 for the CVE-2025-29824 flaw based on this in Microsoft's advisory: "The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available." The patches are

    @BleepinComputer

    9 Apr 2025

    6468 Impressions

    14 Retweets

    36 Likes

    3 Bookmarks

    3 Replies

    0 Quotes

  31. Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824) https://t.co/D7PP349O9H https://t.co/ii6Fh6qCF4

    @secured_cyber

    9 Apr 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Good morning, $TETSUO. Two hours of sleep after coding all night, waking up to code again. Rise and grind! Put a tariff on Storm-2460 for CVE-2025-29824 use-after-free()! https://t.co/fP77Lg9Gui

    @7etsuo

    9 Apr 2025

    101 Impressions

    1 Retweet

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  33. Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824) https://t.co/jBor7Hnxvc https://t.co/qcJg7ZzQ3k

    @ggrubamn

    9 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824) https://t.co/UgqQDlkViZ https://t.co/4abumH4GeW

    @NickBla41002745

    9 Apr 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 🔴 Urgent Alert: Windows CLFS driver vulnerability CVE-2025-29824 allows local privilege escalation. Exploited in ransomware attacks – patch now! Explore more on Rapid Risk Radar: https://t.co/MALJwlqWVk #CyberSecurity #Windows #RapidRiskRadar https://t.co/LpJXf2GIrt

    @rapidriskradar

    9 Apr 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. CVE-2025-29824 is a patched Windows CLFS flaw exploited by Storm-2460 using PipeMagic to gain SYSTEM access in targeted ransomware attacks. Delivered via certutil + MSBuild. Patch now (April 2025 update). Not exploitable on Win11 24H2. #CyberSecurity #Zeroday #Ransomware https:

    @CloneSystemsInc

    9 Apr 2025

    356 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  37. Microsoftが4月の月例パッチ公開 「Windows共通ログファイルシステムドライバーの特権の昇格の脆弱性(CVE-2025-29824)」については、更新プログラムが公開されるよりも前に、悪用が行われていることが確認されており、マイクロソフトでは更新プログラムの適用を早急に行うよう呼びかけている

    @mianakirikareai

    9 Apr 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  38. Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824) https://t.co/JdcKIT3lAt https://t.co/ZCNvb6JSeY

    @Art_Capella

    9 Apr 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. CISA has identified two critical vulnerabilities: CVE-2025-30406 in Gladinet CentreStack and CVE-2025-29824 in Microsoft Windows. Immediate patching is essential to protect systems! 🔒🛡️ #Gladinet #Windows #USA link: https://t.co/uZqreQTTqX https://t.co/fAgih7xJO7

    @TweetThreatNews

    9 Apr 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 🚨 Microsoft’s April Patch Tuesday fixes 126 flaws, including an actively exploited Windows CLFS vulnerability (CVE-2025-29824) for local privilege escalation. 11 critical flaws patched in Microsoft Office, Excel, & more. Update now! https://t.co/jukEKorVNx #CyberSecurity

    @dCypherIO

    9 Apr 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824) https://t.co/jGcEaCdvGC https://t.co/57QJRjulEm

    @pcasano

    9 Apr 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Уязвимость, о которой идет речь, это CVE-2025-29824, ошибка повышения привилегий в CLFS, которая может быть использована для получения привилегий SYSTEM. Она была исправлена ​​Redmond в рамках обновления Patch Tuesday за апрель 2025 года. https://t.co/WFp5lIk18v

    @byt3n33dl3

    9 Apr 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  43. Microsoft’s April 2025 Patch Tuesday Addresses 121 CVEs (CVE-2025-29824) https://t.co/7tS0ISR6yw https://t.co/XXIuYu4vOW

    @Trej0Jass

    9 Apr 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Microsoft’s April Patch Tuesday fixes 120+ vulnerabilities, incl. a CLFS zero-day (CVE-2025-29824) under active attack. RDP & LDAP RCE flaws also patched. Windows 10 users still waiting for critical updates. 🔗 Full details: https://t.co/wFmdWKcnQ5 #CyberSecurity #PatchTuesda

    @unbiased_times_

    9 Apr 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. 🚨 Critical Windows CLFS zero-day exploited! CVE-2025-29824 enables privilege escalation & PipeMagic malware deployment. Microsoft patched, apply updates ASAP. Stay vigilant! Learn more: https://t.co/Izavp7xA6h

    @Tudorel92659164

    9 Apr 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Kritische Schwachstelle im Windows CLFS wird aktiv von Ransomware-Gruppe ausgenutzt Eine kritische Zero-Day-Schwachstelle im Windows Common Log File System (CLFS), identifiziert als CVE-2025-29824, wird aktiv von der Ransomware-Gruppe Storm-2460 ausgenutzt. Diese https://t.co/js

    @tec4net

    9 Apr 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. 🚨 Microsoft just patched a critical zero-day flaw (CVE-2025-29824) being actively exploited in the wild. If you’re on Windows, here’s what you need to know 🧵 https://t.co/KACssbF0ml

    @efani

    9 Apr 2025

    337 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    1 Reply

    0 Quotes

  48. Microsoft patch tuesday corregge 134 vulnerabilità e zero-day sfruttato da RansomEXX Sicurezza Informatica, CVE-2025-29824, cybersecurity, evidenza, Microsoft Patch Tuesday, RansomEXX, vulnerabilità, Windows 10, Windows 11, zero-day https://t.co/cXBcKskdwv https://t.co/MoApGMHDf7

    @matricedigitale

    9 Apr 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. PipeMagic Trojan Exploits Windows CLFS Zero-Day Vulnerability to Deploy Ransomware via msi/ MS is tracking the exploitation of CVE-2025-29824 under the moniker Storm-2460, with the threat actors using also PipeMagic to deliver exploit and ransomware https://t.co/chfeK5vSFV

    @JensHilbig

    9 Apr 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. 🚨 New Windows zero-day (CVE-2025-29824) exploited in ransomware attacks! ⚡ Attackers used PipeMagic malware, hidden in MSBuild files, and hijacked legit sites to spread payloads. Linked to RansomEXX gang. Full report 👉 https://t.co/o8JNZ7ZMTZ 🔒 Patch ASAP if you haven't!

    @TheHackersNews

    9 Apr 2025

    12961 Impressions

    64 Retweets

    97 Likes

    22 Bookmarks

    1 Reply

    2 Quotes

Configurations

References