⚠ Actively exploited
Added to CISA KEV on 2025-05-13. Federal agencies required to patch by 2025-06-03. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..
CVE-2025-32701 — Use After Free in Microsoft Windows 10 Version 1507
Severity
7.8HIGHNVD
EPSS
1.5%
top 18.57%
CISA KEV
KEV
Added 2025-05-13
Due 2025-06-03
Exploit
No known exploits
Affected products
Timeline
PublishedMay 13
KEV addedMay 13
KEV dueJun 3
Latest updateJun 10
CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Description
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages26 packages
🔴Vulnerability Details
3GHSA▶
GHSA-8h2p-ffrc-w7hm: Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally↗2025-05-13
📋Vendor Advisories
2🕵️Threat Intelligence
10Tenable▶
Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)↗2025-05-13