Analyzing evolution of the PipeMagic malware

  • August 19, 2025

Jasper_The_Rasper
Moderator

August 19, 2025 By Pierluigi Paganini

Hackers exploited Windows flaw CVE-2025-29824 to deploy PipeMagic malware in RansomExx attacks, Kaspersky revealed.

A joint report from Kaspersky and BI.ZONE analyzed the evolution of PipeMagic malware from its first detection in 2022 to new infections observed in 2025. The researchers identified key changes in its operators’ tactics. BI.ZONE experts focused on a technical analysis of the CVE-2025-29824 vulnerability exploited to deploy PipeMagic malware in RansomExx attacks.

In May, the Play ransomware gang exploited a Windows Common Log File System flaw, CVE-2025-29824, in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.

The vulnerability CVE-2025-29824 (CVSS score of 7.8) is a use-after-free in the Windows Common Log File System Driver that allows an authorized attacker to elevate privileges locally. An attacker who successfully exploited this flaw could gain SYSTEM privileges. Microsoft confirmed that the vulnerability has been exploited in attacks in the wild.

>>Full Article<<