CVE-2025-50170

Summary

Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 180910.0.17763.0 < 10.0.17763.7678affected
MicrosoftWindows 10 Version 21H210.0.19044.0 < 10.0.19044.6216affected
MicrosoftWindows 10 Version 22H210.0.19045.0 < 10.0.19045.6216affected
MicrosoftWindows 11 version 22H210.0.22621.0 < 10.0.22621.5768affected
MicrosoftWindows 11 version 22H310.0.22631.0 < 10.0.22631.5768affected
MicrosoftWindows 11 Version 23H210.0.22631.0 < 10.0.22631.5768affected
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.4946affected
MicrosoftWindows Server 201910.0.17763.0 < 10.0.17763.7678affected
MicrosoftWindows Server 2019 (Server Core installation)10.0.17763.0 < 10.0.17763.7678affected
MicrosoftWindows Server 202210.0.20348.0 < 10.0.20348.4052affected
MicrosoftWindows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 < 10.0.25398.1791affected
MicrosoftWindows Server 202510.0.26100.0 < 10.0.26100.4946affected
MicrosoftWindows Server 2025 (Server Core installation)10.0.26100.0 < 10.0.26100.4946affected

Weaknesses

  • CWE-280: CWE-280: Improper Handling of Insufficient Permissions or Privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References