CVE-2025-21271

High

Published: 14 January 2025

Published

14 January 2025

Modified

27 January 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0028 51.1th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Security Summary

CVE-2025-21271 is an Elevation of Privilege vulnerability in the Windows Cloud Files Mini Filter Driver. This flaw, published on 2025-01-14, carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-126 and NVD-CWE-noinfo. It affects Windows systems utilizing the Cloud Files Mini Filter Driver component.

A local attacker with low privileges can exploit this vulnerability due to its local attack vector and low complexity requirements, with no user interaction needed. Successful exploitation grants high impacts on confidentiality, integrity, and availability, enabling the attacker to elevate privileges, potentially achieving full system compromise.

Microsoft's Security Response Center provides an update guide detailing mitigation and patching information for CVE-2025-21271 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21271.

Details

CWE(s): CWE-126NVD-CWE-noinfo

Affected Products

microsoft

windows 10 1809

≤ 10.0.17763.6775 · ≤ 10.0.17763.6775

microsoft

windows 10 21h2

≤ 10.0.19044.5371

microsoft

windows 10 22h2

≤ 10.0.19045.5371

microsoft

windows server 2019

≤ 10.0.17763.6775

microsoft

windows server 2022

≤ 10.0.20348.3091

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21271
Patch, Vendor Advisory · secure@microsoft.com