CVE-2025-29824

CVE-2025-29824 is a critical use-after-free vulnerability in the Windows Common Log File System (CLFS) driver, allowing local attackers to escalate privileges to SYSTEM level. Actively exploited in the wild, this flaw has been leveraged by the ransomware group Storm-2460, using the PipeMagic malware to deploy ransomware across various sectors, including IT, finance, and retail. Microsoft released patches for most affected systems on April 8, 2025; however, updates for Windows 10 32-bit and x64 systems are pending. Organizations are urged to apply available updates promptly and implement mitigation strategies to safeguard against potential exploits.

PipeMagic Trojan Exploits Windows CLFS Zero-Day Vulnerability to Deploy Ransomware

A newly discovered critical vulnerability, CVE-2025-29824, in the Windows Common Log File System (CLFS) is being actively exploited by the PipeMagic trojan to conduct ransomware attacks across various global industries. This zero-day flaw allows attackers to gain SYSTEM privileges, enabling them to deploy ransomware, such as RansomEXX, and encrypt data. While Windows 11 version 24H2 is not affected, Microsoft has released a patch and advises immediate updates. The attacks involve malicious payloads downloaded from compromised websites, and organizations are urged to implement security best practices to mitigate this ongoing threat, with companies like Technijian offering specialized defense services.