CVE-2025-62221
Published Dec 9, 2025
AI description
CVE-2025-62221 is an elevation of privilege vulnerability affecting the Windows Cloud Files Mini Filter Driver. It stems from a use-after-free issue within the driver. An attacker with local access and some privileges can exploit this vulnerability to gain SYSTEM-level privileges. Successful exploitation of CVE-2025-62221 allows an attacker to gain full control of a Windows system. The attack complexity is low, and no user interaction is required. This vulnerability is actively being exploited.
- Description: Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
- Source: secure@microsoft.com
- NVD status: Analyzed
- Products: windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type: Secondary
- Base score: 7.8
- Impact score: 5.9
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: Microsoft Windows Use After Free Vulnerability
- Exploit added on: Dec 9, 2025
- Exploit action due: Dec 30, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com: CWE-416
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
Microsoft’s December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221) https://t.co/xLD8NDdxAy https://t.co/3ODGDQpdvQ
@IT_Peurico
16 Dec 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts on active exploitation of Windows Cloud Files Mini Filter vulnerability (CVE-2025-62221). Immediate patching required to prevent SYSTEM-level access. Link: https://t.co/nGS8RCNV1B #Security #Vulnerability #Windows #CISA #Patch #Exploit #Access #Cyber #Alert #Flaw http
@dailytechonx
15 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
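A zero-day already being used in attacks has been found in the driver that underpins Windows cloud file sync. After an intrusion, privileges can be raised to SYSTEM, and devices and internal assets could be taken over wholesale. US CISA, known-exploited catalog listing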
@yousukezan
14 Dec 2025
11589 Impressions
86 Retweets
119 Likes
63 Bookmarks
0 Replies
2 Quotes
PATCH TUESDAY DROPPED WITH AN EXPLOITED WINDOWS ZERO-DAY Microsoft's December updates include an exploited-in-the-wild elevation-of-privilege bug (CVE-2025-62221) plus other notable fixes (including PowerShell and Copilot-related issues). If you manage fleets, this is one of
@ironCardSec
13 Dec 2025
25 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
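[Important] The Windows vulnerability disclosed on 12/10: there is nobody it does not concern. About the recently announced cldflt.sys vulnerability "CVE-2025-62221": there are a lot of mistaken idiots in various outlets saying "OneDrive" is the cause, so let me just say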
@Stellorbit
13 Dec 2025
167 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
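I tried creating, together with generative AI, a KQL query that detects attacks exploiting CVE-2025-62221, which was published in December's Windows Update. It can detect the anomalous pattern of a SYSTEM-privileged process being spawned from a low-privileged process. EDR + XDR +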
@shojiueda
13 Dec 2025
96 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Update: CVE-2025-62221 elevation-of-privilege vulnerability affecting the Windows Cloud Files Mini Filter Driver. Read more: https://t.co/JxrGNcIwiA https://t.co/kWolBLDmpb
@ado_security
12 Dec 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221) https://t.co/mtKmZF03Qk https://t.co/iFNK5N8qYM
@secured_cyber
12 Dec 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️ Cybersecurity Developments in the Last 12 Hours ⚡️ 🚨 Microsoft has patched two critical zero-day vulnerabilities, CVE-2025-62221 and CVE-2025-54100, that enable privilege escalation and remote code execution, with active exploitation detected in the wild. 👾 A c
@greytech_ltd
12 Dec 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Some LPE analysis in the December patch CVE-2025-62472&CVE-2025-59517&CVE-2025-62221 1)CVE-2025-62472:rasmans!QueueCloseConnections. Write an out-of-bounds conn pointer -> overwrite the user_data linked list -> unlink -> uaf(conn) -> uaf(port) -> lpe http
@ezrak1e
12 Dec 2025
5094 Impressions
10 Retweets
75 Likes
34 Bookmarks
2 Replies
0 Quotes
December 2025: Microsoft releases its regular monthly patches, fixing 3 zero-days (CVE-2025-62221, CVE-2025-64671, CVE-2025-54100) https://t.co/4zqKmSxEaO #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
11 Dec 2025
107 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 December Patch Tuesday: Three Microsoft Zero-Days Fixed Microsoft patched three zero-days exploited in the wild this month. CVE-2025-62221: Windows Lightweight Directory Access Protocol (LDAP) RCE—attackers send crafted LDAP requests to Domain Controllers for code
@the_c_protocol
11 Dec 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical danger! Microsoft patches an **actively exploited** Windows **zero-day** (CVE-2025-62221) that allows Elevation of Privilege. Patching immediately is vital. #Ciberseguridad #Microsoft #ZeroDay https://t.co/gZABhv9J5M
@GadgetsTimesRD
11 Dec 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We are seeing a lot of active exploit traffic in the honeypots we have at different providers; please take note, gentlemen of the government. Microsoft Security Advisory (search CVE-2025-62221) .@CSIRTPanama .@aigesinnovacion
@ErickArturoP
11 Dec 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221) https://t.co/zqrpeNuobb https://t.co/tpPAEMpbm1
@EAlexStark
11 Dec 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
December Patch Tuesday delivers fixes for 57 CVEs, including a Windows zero-day privilege escalation (CVE-2025-62221) and a critical Notepad++ update targeting Chinese attacker exploits. #MicrosoftPatch #NotepadPlusPlus #China https://t.co/DpRmX6Awxh
@TweetThreatNews
11 Dec 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Patches 3 Zero-Days, 57 Flaws in December Update https://t.co/8jdlSj1UNo #cve-2025-62221 #RemoteCodeExecution #SecurityUpdates
@wizconsults
10 Dec 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Bulletin: Windows (CVE-2025-62221, CVSS 7.8) allows local users to abuse a use-after-free bug in cldflt.sys and escalate to SYSTEM. Actively exploited — install the Dec 2025 updates now. #ThreatIntel #RedLeggCTI https://t.co/gZOorQPYHK
@RedLegg
10 Dec 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221) https://t.co/4c4l2857AT https://t.co/AAzgtuyM8x
@dansantanna
10 Dec 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#ITSecurity CVE-2025-62221 Microsoft Windows Use After Free Vulnerability https://t.co/RIYEfaMhRu
@seaarepea
10 Dec 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Alert: CVE-2025-62221 #Microsoft under active exploitation on Windows, view report here: https://t.co/uZXo4A8gGY #Warning #CyberSecurity #CyberAttack #CISA #Exploit #InfoSec #hacking #Windows #CloudComputing #HackerStorm https://t.co/SLdmilTK2I
@hackerstorm
10 Dec 2025
62 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 #Windows, Use After Free, #CVE-2025-62221 (High) https://t.co/0ksLRs74xI
@dailycve
10 Dec 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221) https://t.co/jfMYw26xl3 https://t.co/WeQS1mx69C
@ggrubamn
10 Dec 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 There is a serious vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that is being exploited right now in real-world attacks. This vulnerability (CVE-2025-62221) lets anyone obtain SYSTEM privileges on the machine. The vulner
@DarkCyberXX
10 Dec 2025
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221) https://t.co/HtzS7xDDLt https://t.co/QcO6zeGybY
@Art_Capella
10 Dec 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft’s Dec 2025 Patch Advisory is live! 50+ vulnerabilities patched across Windows, Office, Outlook, SharePoint, Azure Monitor & more, including multiple Critical RCEs and an actively exploited CLFS EoP (CVE-2025-62221). 🛡️ Patch now → https://t.co/xb2Ca
@sequretek_sqtk
10 Dec 2025
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Patch Tuesday! I looked at the actively exploited CVE-2025-62221 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability https://t.co/5C0pjBzK8T #patchtuesday
@_gengstah
10 Dec 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
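A zero-day has been discovered in the Windows mini filter driver for cloud files, and Microsoft has released an emergency patch, saying that exploitation has already been confirmed (CVE-2025-62221). It is a serious flaw that allows escalation from local privileges to SYSTEM privileges, and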
@yousukezan
10 Dec 2025
1779 Impressions
5 Retweets
12 Likes
3 Bookmarks
0 Replies
1 Quote
Microsoft’s December 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-62221) https://t.co/16ewH8tcjk https://t.co/erIFRd2rZM
@Trej0Jass
10 Dec 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
cve-2025-62221
@FogStingray
10 Dec 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added RARLAB WinRAR path traversal vulnerability CVE-2025-6218 & Microsoft Windows use after free vulnerability CVE-2025-62221 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattack
@CISACyber
9 Dec 2025
5152 Impressions
27 Retweets
39 Likes
10 Bookmarks
1 Reply
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "5CEB496A-8AF3-458D-B466-16204E535DE0",
            "versionEndExcluding": "10.0.17763.8146"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "C99D0580-E443-4440-A211-19BA3C2C4AFA",
            "versionEndExcluding": "10.0.17763.8146"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D04167A-522C-433E-8CEB-C1D8A02C23D8",
            "versionEndExcluding": "10.0.19044.6691"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A86D6CDC-55E5-4817-A6CE-4CE41921FB79",
            "versionEndExcluding": "10.0.19045.6691"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DCE32D0-A9E0-4029-AB35-5E202A42AF01",
            "versionEndExcluding": "10.0.22631.6345"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DCD2A6E-7CD0-4FCC-AC11-5A1470776C24",
            "versionEndExcluding": "10.0.26100.7392"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EA08CDD-D682-403D-8B50-879EB4D88C67",
            "versionEndExcluding": "10.0.26200.7392"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A20DBDB1-D0DE-4800-8BEA-35EE5D53659D",
            "versionEndExcluding": "10.0.17763.8146"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C552FBB4-8F98-492E-A084-AF14C9514A67",
            "versionEndExcluding": "10.0.20348.4467"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9CE4A36-DA42-40CC-8724-E30A22CA84B6",
            "versionEndExcluding": "10.0.25398.2025"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35BBEADA-D039-479B-A1BA-B2A7E37235BE",
            "versionEndExcluding": "10.0.26100.7392"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]