CyberSecurity news
FlagThis
@www.helpnetsecurity.com
//
CISA has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This action follows Microsoft's May 2025 Patch Tuesday, which addressed a total of 72 vulnerabilities, including these five zero-day exploits. The vulnerabilities affect various Windows components, posing a significant risk to systems if left unpatched. The addition to the KEV catalog underscores the urgency for organizations to apply the relevant Microsoft patches.
The zero-day vulnerabilities include CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, and CVE-2025-32709. CVE-2025-30397 is a memory corruption vulnerability in the Windows scripting engine, while CVE-2025-30400 affects the Microsoft DWM Core Library. CVE-2025-32701 and CVE-2025-32706 are defects in the Windows Common Log File System (CLFS) Driver, which are particularly concerning as they can lead to elevation of privilege to SYSTEM. CVE-2025-32709 resides in the Windows Ancillary Function Driver for WinSock.
Security experts recommend immediate patching, especially for the CLFS driver vulnerabilities. Mike Walters of Action1 warned that attackers could exploit the CLFS zero-days to gain full control of systems, allowing them to run arbitrary code, install malware, modify data, or disable security protections. The Cybersecurity and Infrastructure Security Agency (CISA) encourages all organizations to review and apply the necessary updates to mitigate the risk of exploitation.
ImgSrc: img.helpnetsecu
References :
The zero-day vulnerabilities include CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, and CVE-2025-32709. CVE-2025-30397 is a memory corruption vulnerability in the Windows scripting engine, while CVE-2025-30400 affects the Microsoft DWM Core Library. CVE-2025-32701 and CVE-2025-32706 are defects in the Windows Common Log File System (CLFS) Driver, which are particularly concerning as they can lead to elevation of privilege to SYSTEM. CVE-2025-32709 resides in the Windows Ancillary Function Driver for WinSock.
Security experts recommend immediate patching, especially for the CLFS driver vulnerabilities. Mike Walters of Action1 warned that attackers could exploit the CLFS zero-days to gain full control of systems, allowing them to run arbitrary code, install malware, modify data, or disable security protections. The Cybersecurity and Infrastructure Security Agency (CISA) encourages all organizations to review and apply the necessary updates to mitigate the risk of exploitation.
ImgSrc: img.helpnetsecu
Share:
References :
- isc.sans.edu: Microsoft Patch Tuesday: May 2025, (Tue, May 13th)
- cyberscoop.com: Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days
- Help Net Security: Patch Tuesday: Microsoft fixes 5 actively exploited zero-days
- cyberinsider.com: Microsoft Patches Five Actively Exploited Flaws in May 2025 Windows 11 Update
Classification:
- HashTags: #CISA #Vulnerabilities #Exploitation
- Company: Microsoft
- Target: Windows Users
- Product: Windows
- Feature: Active Exploitation
- Type: Vulnerability
- Severity: Major