CVE-2025-62470
clfs.sys — heap-based buffer overflow allows elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | clfs.sys |
| Vulnerability Class | Buffer Overflow (Heap) |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | December 9, 2025 |
Root Cause
A heap-based buffer overflow in the CLFS driver occurs when processing crafted log file structures. Missing size validation allows a write past the end of an allocated buffer, corrupting adjacent kernel pool objects.
Exploitation
The attacker creates a crafted CLFS log file that triggers the heap overflow. Adjacent object corruption provides a kernel write primitive for SYSTEM escalation.
Exploitation Primitive
Crafted CLFS log file → heap buffer overflow
→ adjacent object corruption → SYSTEM