CVE-2025-32713
clfs.sys — heap-based buffer overflow allows elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | clfs.sys |
| Vulnerability Class | Buffer Overflow (Heap) |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | June 10, 2025 |
Root Cause
Missing bounds validation in the CLFS driver causes a heap-based buffer overflow when processing crafted log file metadata. This continues the long pattern of CLFS exploitation from CVE-2022-37969 through CVE-2025-32706.
Exploitation
The attacker creates a crafted CLFS log file. When the driver processes the malformed metadata, the heap overflow corrupts adjacent kernel objects for SYSTEM privilege escalation.
Exploitation Primitive
Crafted CLFS log file → heap buffer overflow
→ adjacent object corruption → SYSTEM