Impact
A heap-based buffer overflow in the Windows Common Log File System Driver allows an attacker who has already gained a local user account on the machine to trigger memory corruption that results in elevation of privileges to the highest local level. The flaw originates from insufficient bounds checking when the driver processes structured data, enabling code running in a user context to hijack control flow and execute arbitrary code with SYSTEM rights, thereby compromising the confidentiality, integrity, and availability of the affected system.
Affected Systems
Affected Windows clients and servers include Windows 10 releases 1607, 1809, 21H2, and 22H2 and Windows 11 releases 23H2, 24H2, 25H2, and 22H3. Server editions spanning Windows Server 2008 R2 SP1 and SP2, Windows Server 2012 and 2012 R2, Windows Server 2016, 2019, 2022, 2025, and the 23H2 edition are all affected. All 32‑bit and 64‑bit builds as well as Server Core installations are susceptible because the driver resides in core OS code.
Risk and Exploitability
The vulnerability carries a CVSS score of 7.8, indicating high severity, yet the EPSS score is below 1%, suggesting a low probability of real-world exploitation at this time. Because it is a local privilege escalation that requires an authorized user, the attack vector is limited to environments where an attacker can run code locally. The flaw is not listed in the CISA KEV catalog, and no widespread exploit signatures have been reported yet. Nevertheless, the ability to gain SYSTEM privileges poses a significant risk if the vulnerability is leveraged in privileged phishing or malware campaigns.