AI description
CVE-2025-55680 is an Elevation of Privilege vulnerability affecting the Windows Cloud Files Mini Filter Driver. It stems from a time-of-check time-of-use (TOCTOU) race condition within the driver. An authenticated, local attacker can exploit this vulnerability to elevate their privileges to SYSTEM level. The vulnerability exists in the `HsmpOpCreatePlaceholders()` function when processing requests to create placeholder files under synchronized directories. Attackers can modify the filename in memory between the time the filename is validated and the time the file is created. By exploiting this race condition, an attacker can bypass security checks and create files anywhere on the system, leading to privilege escalation.
- Description
- Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-367
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
28
On the note of CVE-2025-55680, here's CVE-2025-50170 a logic bug I reported a while back in the same function. Allows me to corrupt any libraries(e.g NTDLL.DLL) on the system, even those already loaded in another process's memory. https://t.co/q0osjkrmij
@minacrissDev_
21 Oct 2025
833 Impressions
1 Retweet
3 Likes
2 Bookmarks
0 Replies
0 Quotes
On the note of CVE-2025-55680, here's CVE-2025-50170 a logic bug I reported a while back in the same function. Allows me to corrupt any libraries(e.g NTDLL.DLL) on the system, even those already loaded in another process's memory. https://t.co/HAflYBhnrO
@cplearns2h4ck
21 Oct 2025
6506 Impressions
21 Retweets
132 Likes
40 Bookmarks
1 Reply
0 Quotes
A zero day I found last year has been patched on October (CVE-2025-55680) :(, it was a nice and easy patch bypass. Here the write-up https://t.co/70ZglevS15
@s1ckb017
21 Oct 2025
10998 Impressions
45 Retweets
140 Likes
68 Bookmarks
1 Reply
1 Quote
Critical Windows Minifilter Flaw Lets Hackers Escalate Privileges A critical vulnerability in Microsoft Windows Cloud Minifilter (CVE-2025-55680) was patched, fixing a race condition enabling privilege escalation and arbitrary file creation. Discovered by Exodus Intelligence in
@Secwiserapp
21 Oct 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-55680 cldflt.sys EoP exploited in TyphoonPWN 2025 A direct bypass of @tiraniddo 's bug from 2020 (https://t.co/rufFO8D4dj) unpatched for 5 years https://t.co/DUT4IalZiS
@cplearns2h4ck
16 Oct 2025
7805 Impressions
19 Retweets
160 Likes
58 Bookmarks
1 Reply
0 Quotes