CVE-2025-0651
Published: 22 January 2025
Description
Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. A user with low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the "Reset all settings" option, the WARP service will delete the files that the symlinks were pointing to. Given that the WARP service operates with System privileges, this might lead to deleting files owned by the System user. This issue affects WARP: before 2024.12.492.0.
Security Summary
CVE-2025-0651 is an Improper Privilege Management vulnerability (CWE-269) in Cloudflare WARP on Windows that enables file manipulation. It affects WARP versions prior to 2024.12.492.0. The issue stems from inadequate handling of symbolic links in the C:\ProgramData\Cloudflare\warp-diag-partials folder during the "Reset all settings" operation.
A local attacker with low system privileges can exploit this by creating symbolic links within the specified folder that point to arbitrary files, including those owned by the System user. Upon triggering the "Reset all settings" option, the WARP service—running with System privileges—deletes the files referenced by the symlinks. This results in unauthorized file deletion, with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), indicating high impact on integrity and availability.
Cloudflare's WARP client documentation at https://developers.cloudflare.com/warp-client/ provides relevant details on the software. Mitigation requires updating to WARP version 2024.12.492.0 or later to address the vulnerability.
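The following PowerShell audit is an added example, not code from Cloudflare or from the advisory. It lists symbolic links and junctions under the folder named above so that a host still on an affected version can be checked before "Reset all settings" is used. The function name Get-ReparsePoint is hypothetical; the folder path is the one given in the description.

```powershell
# Added example: report reparse points (symlinks, junctions) under the
# folder named in the advisory. Requires PowerShell 5.0 or later.
$Root = 'C:\ProgramData\Cloudflare\warp-diag-partials'

function Get-ReparsePoint {
    # Hypothetical helper. Walks the tree manually so that it never
    # descends into a link, whatever the PowerShell version's default is.
    param([Parameter(Mandatory)][string]$Path)

    $pending = [System.Collections.Generic.Stack[string]]::new()
    $pending.Push($Path)
    while ($pending.Count -gt 0) {
        $dir = $pending.Pop()
        # -Force includes hidden and system entries.
        foreach ($item in Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue) {
            if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
                [pscustomobject]@{
                    Path       = $item.FullName
                    LinkType   = $item.LinkType
                    Target     = ($item.Target -join '; ')
                    CreatedUtc = $item.CreationTimeUtc
                }
            }
            elseif ($item.PSIsContainer) {
                $pending.Push($item.FullName)
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Root)) {
    Write-Output "Folder not present: $Root"
    return
}

# The folder itself may have been replaced by a link, so check it first.
$rootItem = Get-Item -LiteralPath $Root -Force
if ($rootItem.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
    Write-Warning "$Root is itself a reparse point -> $($rootItem.Target -join '; ')"
    return
}

$found = @(Get-ReparsePoint -Path $Root)
if ($found.Count -eq 0) {
    Write-Output "No reparse points found under $Root"
} else {
    Write-Warning "$($found.Count) reparse point(s) found under $Root"
    $found | Format-Table -AutoSize -Wrap
}
```

Any entry reported here deserves review on a host running a WARP version before 2024.12.492.0, since the advisory describes links in this folder as the trigger for the deletion.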
Details
- CWE(s)