Impact
The Common Log File System Driver contains a heap‑based buffer overflow that can be triggered by code executed in an authorized user context. An attacker who is already logged on locally can trigger the overflow to overwrite control data and elevate privileges to the highest local level, effectively gaining SYSTEM rights on the affected machine.
Affected Systems
Affected systems include Microsoft Windows 10 releases 1607, 1809, 21H2 and 22H2; Windows 11 releases 23H2, 24H2, 25H2 and 22H3; and Microsoft Windows Server 2008 R2 SP1, 2008 SP2, 2012, 2012 R2, 2016, 2019, 2022, 2025 and the 23H2 edition. All 32‑bit and 64‑bit builds, plus Server Core installations, are vulnerable because the driver resides in core OS code.
Risk and Exploitability
The vulnerability has a CVSS score of 7.8, indicating high severity, and an EPSS score of 3 %. Exploitation requires local access and the ability to run code, and the flaw is not listed in the CISA KEV catalog. While exploitation is probable in environments where an attacker can execute code locally, widespread use has not yet been reported.