About Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-29824) vulnerability. The vulnerability from the April Microsoft Patch Tuesday allows an attacker operating under a regular user account to escalate their privileges to SYSTEM level.
🔻 According to Microsoft, the vulnerability was exploited in attacks against organizations in the U.S., Venezuela, Spain, and Saudi Arabia. The exploit was embedded in the PipeMagic malware used by the Storm-2460 group to deploy ransomware.
🔻 On May 7, Symantec reported technical details about another exploit for the vulnerability, used by Balloonfly group (associated with the Play ransomware) in an attack on a U.S. organization prior to April 8.
👾 Are there public exploits? According to BDU FSTEC — yes. NVD also lists “exploit links”, but they point to detection and mitigation scripts. 🤷♂️ No mentions yet in exploit packs or on GitHub.
