CVE-2023-28252

ENISA EUVD: EUVD-2023-31960 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 12 articles Published: 2023-04-11

EPSS Score

Source: FIRST.org · 2026-05-23
62.21%
probability
This CVE has a 62.21% probability of being exploited in the next 30 days.
Top 98.4th percentile of all CVEs

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
7.8
HIGH
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Temporal
Exploit Code Maturity: Functional
Remediation Level: Official Fix
Report Confidence: Confirmed
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Description

NVD
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Affected Products

Microsoft · Windows 10 Version 1809 · 10.0.17763.0
Microsoft · Windows 10 Version 1809 · 10.0.0
Microsoft · Windows Server 2019 · 10.0.17763.0
Microsoft · Windows Server 2019 (Server Core installation) · 10.0.17763.0
Microsoft · Windows Server 2022 · 10.0.20348.0

Attack Intelligence

Google Project Zero

Patched: April 11, 2023
Reported by: Boris Larin (oct0xor), Genwei Jiang with Mandiant, Quan Jin with DBApp Security WeBin Lab
Root Cause Analysis: https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-28252.html

Exploits & PoC

duck-sec/CVE-2023-28252-Compiled-exe

A modification to fortra's CVE-2023-28252 exploit, compiled to exe

55 2024-01-24
byt3n33dl3/CLFS

it's a CVE-2023-28252 (Patched), but feel free to use it to check any outdated software or for research

6 2024-07-09
Danasuley/CVE-2023-28252-

Detection of the CVE-2023-28252 exploit

0 2023-11-13
Vulmatch/CVE-2023-28252

The TL;DR for the learnings of Windows Vulnerability CVE-2023-28252

0 2024-06-16
6 repos, sorted by ⭐

Signal Intelligence

Confidence
92%
EPSS 62.21%
CVSS v3.1 7.8
Mentions 12
Last Seen Apr 08, 2025

CNA Information

CNA Assigner
microsoft
CNA Title
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Analyst Note

This CVE meets confirmed status criteria with strong evidence of real-world exploitation by ransomware gangs, a high CVSS score (7.8), and verification from reputable security sources including Google Project Zero. The vulnerability in the Windows Common Log File System Driver represents a critical elevation-of-privilege vector that has been actively exploited in the wild since 2023.

Threat Actors 16

Cobalt
apt_group Financial crime 🇷🇺 RU
Harvester
apt_group Information theft and espionage Unknown
Hacking Team
apt_group 🇮🇹 IT
SCATTERED SPIDER
apt_group Financial crime 🇺🇸 US
The Shadow Brokers
apt_group 🇷🇺 RU
Group 27
apt_group Information theft and espionage 🇨🇳 CN
Earth Lamia
apt_group Information theft and espionage 🇨🇳 CN
Roaming Mantis
apt_group 🇯🇵 JP
Rocke
apt_group 🇨🇳 CN
Red Dev 17
apt_group 🇨🇳 CN
Red October
apt_group 🇷🇺 RU
Shadow Network
apt_group Information theft and espionage 🇨🇳 CN
Mana Team
apt_group 🇨🇳 CN
Operation Shadow Force
apt_group 🇨🇳 CN
Operation Black Atlas
apt_group Financial crime
Storm-2460
apt_group 🇷🇺 RU

Triage Info

Decided at: Mar 03, 2026
Published Date: Apr 11, 2023