*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities that RedLegg has identified as critical and that require immediate attention.
CVSS Score: 7.8 (High)
Identifier: CVE-2025-29824
Exploit or POC: Yes, this vulnerability has been actively exploited in the wild.
Update: CVE-2025-29824 – Microsoft Security Advisory
Description: CVE-2025-29824 is a use-after-free vulnerability in the Windows Common Log File System (CLFS) Driver. This flaw allows authenticated attackers to execute arbitrary code with elevated SYSTEM privileges. Notably, the RansomEXX ransomware group has exploited this vulnerability to deploy the PipeMagic backdoor, facilitating further malicious activities.
Mitigation Recommendation: Microsoft has released security updates addressing this vulnerability as part of the April 2025 Patch Tuesday. Administrators are strongly advised to apply these updates promptly to mitigate potential threats. For systems where immediate patching is not feasible, it is recommended to monitor for unusual activities associated with the CLFS driver and restrict access to critical systems.
Note: Given the active exploitation of this vulnerability, immediate action is essential to safeguard systems against potential attacks. Regularly reviewing and applying security updates is vital to maintaining the integrity and security of your infrastructure.
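The mitigation above is to apply the April 2025 update and, where that is delayed, to watch the CLFS driver. The following PowerShell is an added example for verifying the patch state of a host; it is not part of the RedLegg advisory or of Microsoft's guidance. It reads the installed clfs.sys file version and lists hotfixes installed on or after the April 2025 Patch Tuesday. The fixed driver version and the KB article number are placeholders that must be replaced with the values from the Microsoft advisory for CVE-2025-29824 for the Windows build in question; with the placeholders left in, the version check is not meaningful.

```powershell
# Added example (not from the RedLegg advisory): check whether this host carries
# the April 2025 CLFS fix. Run in an elevated PowerShell session.
#
# PLACEHOLDERS: take the fixed clfs.sys version and the KB number(s) for your
# Windows build from the Microsoft advisory for CVE-2025-29824. The values below
# are illustrative only and are NOT the real numbers.
$PatchedClfsVersion = [version]'10.0.0.0'      # PLACEHOLDER fixed clfs.sys version
$KbArticles         = @('KB0000000')            # PLACEHOLDER April 2025 update KB(s)
$PatchTuesday       = Get-Date -Year 2025 -Month 4 -Day 8

function Get-ClfsDriverVersion {
    # Reads the file version of the installed CLFS driver binary.
    $path = Join-Path $env:SystemRoot 'System32\drivers\clfs.sys'
    if (-not (Test-Path $path)) { throw "clfs.sys not found at $path" }
    $info = (Get-Item $path).VersionInfo
    # Use the numeric version parts; the FileVersion string may carry a suffix.
    [version]('{0}.{1}.{2}.{3}' -f $info.FileMajorPart, $info.FileMinorPart,
                                    $info.FileBuildPart, $info.FilePrivatePart)
}

function Test-ClfsPatched {
    # True when the installed driver is at or above the fixed version.
    param([version]$Installed, [version]$Required)
    $Installed -ge $Required
}

$installed = Get-ClfsDriverVersion
$recent    = Get-HotFix | Where-Object { $_.InstalledOn -ge $PatchTuesday }

[pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    ClfsVersion     = $installed.ToString()
    RequiredVersion = $PatchedClfsVersion.ToString()
    VersionOK       = Test-ClfsPatched -Installed $installed -Required $PatchedClfsVersion
    RecentHotfixes  = ($recent | Select-Object -ExpandProperty HotFixID) -join ','
    AdvisoryKBFound = [bool](Get-HotFix -Id $KbArticles -ErrorAction SilentlyContinue)
} | Format-List
```

Both checks are kept because they fail in different ways: the KB lookup misses hosts patched through a later cumulative update that supersedes the April package, while the driver version check is independent of which update delivered the fix but depends on having the correct fixed version for that build. A host reporting VersionOK = False should be treated as unpatched and prioritized, given the active exploitation noted above.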
| Affected Product | Vulnerability | Severity |
|---|---|---|
| Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | Critical |
| Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | Critical |
| Remote Desktop Gateway Service | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Remote Desktop Gateway Service | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows LDAP - Lightweight Directory Access Protocol | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
| Windows LDAP - Lightweight Directory Access Protocol | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Critical |
| Windows TCP/IP | Windows TCP/IP Remote Code Execution Vulnerability | Critical |