
Play ransomware affiliate leveraged zero-day to deploy malware

  • May 7, 2025

Jasper_The_Rasper
Moderator

See also: CISA alert "CISA Adds Two Known Exploited Vulnerabilities to Catalog", release date April 08, 2025

 

May 7, 2025 By Pierluigi Paganini

 

 

The Play ransomware gang exploited a high-severity Windows Common Log File System flaw in zero-day attacks to deploy malware.

The Play ransomware gang has exploited a Windows Common Log File System flaw, tracked as CVE-2025-29824, in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.

The vulnerability CVE-2025-29824 (CVSS score of 7.8) is a use-after-free in the Windows Common Log File System Driver that allows an authorized attacker to elevate privileges locally. An attacker who successfully exploited this flaw could gain SYSTEM privileges. Microsoft confirmed that the vulnerability has been exploited in attacks in the wild.

In April, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog.

 
