Sunday, May 18, 2025
CISA Issues Alert on Five Actively Exploited Windows Zero-Day Vulnerabilities

by Charline
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five new Windows zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. All five are being actively exploited in the wild and pose serious threats to organizations operating within Microsoft Windows environments. CISA is urging public and private sector organizations to apply immediate mitigations to reduce the risk of compromise and unauthorized access.

Use-After-Free Vulnerabilities

Three of the five zero-days involve use-after-free programming flaws, a class of memory-safety error in which code continues to use memory after it has been released; in each case the flaw can allow an attacker who already has local access to gain elevated privileges.

  • CVE-2025-30400: Affects the Desktop Window Manager (DWM) Core Library. This flaw allows a locally authorized user to escalate privileges on a compromised system.
  • CVE-2025-32701: Targets the Common Log File System (CLFS) Driver, enabling similar privilege escalation.
  • CVE-2025-32709: Impacts the Ancillary Function Driver for WinSock, also providing attackers a pathway to administrative control.


While no ransomware campaigns have been directly tied to these exploits yet, CISA emphasizes that the risk is substantial due to their active use in the wild.

Scripting Engine Type Confusion Vulnerability

CVE-2025-30397 is a critical flaw in the Microsoft Windows Scripting Engine caused by a type confusion error (CWE-843). This vulnerability allows remote code execution without the need for user privileges.

An attacker could exploit this by tricking a user into clicking on a malicious link. Successful attacks could allow the installation of malware, data theft, or broader system compromise.

This vulnerability is especially dangerous for organizations using browser-based or script-heavy applications, making it a prime target for phishing and drive-by download attacks.

Heap-Based Buffer Overflow in CLFS Driver

The final zero-day, CVE-2025-32706, involves a heap-based buffer overflow in the CLFS driver (CWE-122). This flaw can allow attackers to execute code or crash systems by sending specially crafted input data.

Due to the CLFS driver’s role in system operations and logging, a successful exploit could hinder detection and allow deeper compromise of network environments.

Urgent Mitigation Steps

CISA strongly advises organizations to take the following steps immediately:

  • Apply all vendor patches and mitigations as released by Microsoft and related suppliers.
  • Follow guidance from Binding Operational Directive 22-01 for cloud and critical service environments.
  • Consider disabling or replacing affected systems if no patch is available.

With active exploitation confirmed, and the potential for ransomware or broader attacks high, organizations are urged to monitor the KEV catalog and reinforce their vulnerability management practices.
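As an added example (not part of the alert or of CISA's own tooling), the following Python script triages a KEV feed the way the steps above describe: it filters the catalog to Microsoft Windows records, buckets them by their BOD 22-01 remediation due date, and cross-checks a list of CVEs an organization is tracking for KEV listing and known ransomware campaign use. The feed content is a constructed sample whose field names follow CISA's JSON feed; the dates and the ExampleCo row are placeholders, not catalog data.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (same keys as the real
# feed). Only the five CVE IDs, the vendor and the "no known ransomware use"
# status come from the alert above; dates and the ExampleCo row are placeholders.
SAMPLE_KEV_JSON = """{"catalogVersion": "sample", "vulnerabilities": [
 {"cveID": "CVE-2025-30400", "vendorProject": "Microsoft", "product": "Windows", "dateAdded": "2025-05-13", "dueDate": "2025-06-03", "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-2025-32701", "vendorProject": "Microsoft", "product": "Windows", "dateAdded": "2025-05-13", "dueDate": "2025-06-03", "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-2025-32709", "vendorProject": "Microsoft", "product": "Windows", "dateAdded": "2025-05-13", "dueDate": "2025-06-03", "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-2025-30397", "vendorProject": "Microsoft", "product": "Windows", "dateAdded": "2025-05-13", "dueDate": "2025-06-03", "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-2025-32706", "vendorProject": "Microsoft", "product": "Windows", "dateAdded": "2025-05-13", "dueDate": "2025-06-03", "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-0000-00000", "vendorProject": "ExampleCo", "product": "ExampleApp", "dateAdded": "2025-04-01", "dueDate": "2025-04-22", "knownRansomwareCampaignUse": "Known"}
]}"""

def load_kev(text: str) -> list[dict]:
    """Return the vulnerability records from a KEV feed document."""
    return json.loads(text)["vulnerabilities"]

def windows_entries(entries: list[dict]) -> list[dict]:
    """Keep only Microsoft Windows records, the scope of this alert."""
    return [e for e in entries
            if e["vendorProject"] == "Microsoft" and "Windows" in e["product"]]

def due_status(entries: list[dict], today: str) -> dict[str, list[str]]:
    """Split records into overdue/upcoming by BOD 22-01 due date (today as ISO date)."""
    now, overdue, upcoming = date.fromisoformat(today), [], []
    for e in entries:
        bucket = overdue if date.fromisoformat(e["dueDate"]) < now else upcoming
        bucket.append(e["cveID"])
    return {"overdue": sorted(overdue), "upcoming": sorted(upcoming)}

def triage(entries: list[dict], tracked: set[str]) -> dict[str, list[str]]:
    """Cross-check the CVEs an organization tracks against the catalog and flag
    any listed entry with known ransomware campaign use."""
    by_id = {e["cveID"]: e for e in entries}
    listed = sorted(c for c in tracked if c in by_id)
    return {
        "listed": listed,
        "not_listed": sorted(c for c in tracked if c not in by_id),
        "ransomware": [c for c in listed if by_id[c]["knownRansomwareCampaignUse"] == "Known"],
    }

if __name__ == "__main__":
    win = windows_entries(load_kev(SAMPLE_KEV_JSON))
    print(due_status(win, date.today().isoformat()))
    print(triage(win, {"CVE-2025-30400", "CVE-2025-32706", "CVE-0000-99999"}))  # last ID is a placeholder
```

Against the live feed, replace SAMPLE_KEV_JSON with the downloaded catalog text and the same functions apply unchanged.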

© 2024 Copyright  proxyserverpro.com