CVE-2025-55680

Published Oct 14, 2025

Last updated a month ago

CVSS high 7.8
Windows Cloud Files

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-55680 is an Elevation of Privilege vulnerability affecting the Windows Cloud Files Mini Filter Driver. It stems from a time-of-check time-of-use (TOCTOU) race condition within the driver. An authenticated, local attacker can exploit this vulnerability to elevate their privileges to SYSTEM level. The vulnerability exists in the `HsmpOpCreatePlaceholders()` function when processing requests to create placeholder files under synchronized directories. Attackers can modify the filename in memory between the time the filename is validated and the time the file is created. By exploiting this race condition, an attacker can bypass security checks and create files anywhere on the system, leading to privilege escalation.

Description: Time-of-check time-of-use (TOCTOU) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Source: secure@microsoft.com
NVD status: Analyzed
Products: windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type: Primary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-367

Social media

  1. CVE 2025 55680 PoC: No Public PoC? Watch AI Build One for CVE-2025-55680 ... https://t.co/buFct2D3bZ via @YouTube

    @penligent

    1 Dec 2025

  2. [1day1line] CVE-2025-55680: LPE vulnerability in the Windows Cloud Files minifilter driver (cldflt.sys) via a TOCTOU race condition https://t.co/BTvAzbAIk8 This vulnerability abuses the fact that, when handling placeholder creation requests, the driver checks the user buffer ht

    @hackyboiz

    22 Nov 2025

  3. New! Cloud Filter Arbitrary File Creation EoP Patch Bypass LPE - CVE-2025-55680 https://t.co/hGyKi50YSb

    @_r_netsec

    15 Nov 2025

  4. ⚠️Vulnerability in AMD products ❗CVE-2025-55680 ➡️More info: https://t.co/ODtjgmspwt https://t.co/f4nXbjrPln

    @CERTpy

    14 Nov 2025

  5. ⚠️Vulnerability in Microsoft products ❗CVE-2025-55680 ➡️More info: https://t.co/ABYZ2euOTS https://t.co/AD3UUqEoFO

    @CERTpy

    12 Nov 2025

  6. A High-severity LPE flaw (CVE-2025-55680) in the Windows Cloud Files Driver allows local users to gain SYSTEM privileges by exploiting a TOCTOU race condition. Patch immediately. #WindowsLPE #TOCTOU #Cybersecurity #PatchBypass https://t.co/Sf8VExlcl7

    @the_yellow_fall

    10 Nov 2025

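  7. Windows Cloud Files Minifilter vulnerability CVE-2025-55680: risk of privilege escalation and more https://t.co/ZgQDwLwpq7 Cloud Files Minifilter (cldflt.sys) maps the user-space buffer into the kernel and then calls the forbidden-character check and file creation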

    @iototsecnews

    10 Nov 2025

  8. PoC Exploit Released for CVE-2025-55680 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Flaw https://t.co/CcUyVJcwZh

    @Karma_X_Inc

    10 Nov 2025

  9. New! Cloud Filter Arbitrary File Creation EoP Patch Bypass LPE - CVE-2025-55680 https://t.co/hGyKi50YSb

    @_r_netsec

    9 Nov 2025

  10. New! Cloud Filter Arbitrary File Creation EoP Patch Bypass LPE - CVE-2025-55680 https://t.co/hGyKi50YSb

    @_r_netsec

    8 Nov 2025

  11. New! Cloud Filter Arbitrary File Creation EoP Patch Bypass LPE - CVE-2025-55680 https://t.co/YWSf1HEIJW https://t.co/Yy2zHnKM54

    @secharvesterx

    5 Nov 2025

  12. New! Cloud Filter Arbitrary File Creation EoP Patch Bypass LPE - CVE-2025-55680 https://t.co/hGyKi50YSb

    @_r_netsec

    5 Nov 2025

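  13. Microsoft issued a fix in October 2025 for a serious race-condition vulnerability in the driver that underpins Windows' cloud sync feature. By exploiting this flaw, an attacker can create files in arbitrary locations and achieve privilege escalation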

    @yousukezan

    30 Oct 2025

  14. On the note of CVE-2025-55680, here's CVE-2025-50170, a logic bug I reported a while back in the same function. Allows me to corrupt any libraries (e.g. NTDLL.DLL) on the system, even those already loaded in another process's memory. https://t.co/q0osjkrmij

    @minacrissDev_

    21 Oct 2025

  15. On the note of CVE-2025-55680, here's CVE-2025-50170, a logic bug I reported a while back in the same function. Allows me to corrupt any libraries (e.g. NTDLL.DLL) on the system, even those already loaded in another process's memory. https://t.co/HAflYBhnrO

    @cplearns2h4ck

    21 Oct 2025

  16. A zero day I found last year has been patched in October (CVE-2025-55680) :(, it was a nice and easy patch bypass. Here's the write-up https://t.co/70ZglevS15

    @s1ckb017

    21 Oct 2025

  17. Critical Windows Minifilter Flaw Lets Hackers Escalate Privileges A critical vulnerability in Microsoft Windows Cloud Minifilter (CVE-2025-55680) was patched, fixing a race condition enabling privilege escalation and arbitrary file creation. Discovered by Exodus Intelligence in

    @Secwiserapp

    21 Oct 2025

  18. CVE-2025-55680 cldflt.sys EoP exploited in TyphoonPWN 2025 A direct bypass of @tiraniddo 's bug from 2020 (https://t.co/rufFO8D4dj) unpatched for 5 years https://t.co/DUT4IalZiS

    @cplearns2h4ck

    16 Oct 2025
