CVE-2025-24059

HIGH

Windows Common Log File System Driver - Privilege Escalation

Title source: llm
STIX 2.1

Description

Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

References (1)

Scores

CVSS v3 7.8
EPSS 0.0021
EPSS Percentile 43.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-681 CWE-125
Status published
Products (17)
microsoft/windows_10_1507 < 10.0.10240.20947
microsoft/windows_10_1607 < 10.0.14393.7876 (2 CPE variants)
microsoft/windows_10_1809 < 10.0.17763.7009 (2 CPE variants)
microsoft/windows_10_21h2 < 10.0.19044.5608
microsoft/windows_10_22h2 < 10.0.19045.5608
microsoft/windows_11_22h2 < 10.0.22621.5039
microsoft/windows_11_23h2 < 10.0.22631.5039
microsoft/windows_11_24h2 < 10.0.26100.3403
microsoft/windows_server_2008 (2 CPE variants)
microsoft/windows_server_2008 r2 sp1
... and 7 more
Published Mar 11, 2025
Tracked Since Feb 18, 2026