CVE-2025-32706
clfs.sys — heap-based buffer overflow from improper input validation
Exploited in the Wild
Actively exploited zero-day. Patched in the same cycle as CVE-2025-32701.
Summary
| Field | Value |
|---|---|
| Driver | clfs.sys |
| Vulnerability Class | Buffer Overflow (Heap) |
| CVSS | 7.8 |
| Exploited in the Wild (ITW) | Yes |
| Patch Date | May 13, 2025 |
Root Cause
Missing input validation in the CLFS driver causes a heap-based buffer overflow when it processes crafted log file metadata. This is the second CLFS zero-day patched in the May 2025 cycle (alongside CVE-2025-32701), and it continues the CLFS exploitation pattern that runs from CVE-2022-37969 through CVE-2025-29824.
Exploitation
The heap overflow corrupts adjacent kernel objects, which leads to privilege escalation to SYSTEM.
Exploitation Primitive
Crafted CLFS log file → heap buffer overflow → adjacent object corruption → SYSTEM