Improper Privilege Management in Cloudflare WARP on Windows
CVE-2025-0651

6.1MEDIUM

Key Information:

Vendor: Cloudflare
Status: Warp
Vendor: CVE Published:; 22 January 2025

What is CVE-2025-0651?

A security vulnerability in Cloudflare WARP for Windows enables users with limited privileges to create symbolic links in the C:\ProgramData\Cloudflare\warp-diag-partials directory. When the 'Reset all settings' option is triggered, the WARP service—operating with System privileges—can inadvertently delete files referenced by these symlinks. This may lead to deletion of crucial files owned by the System user, posing significant risks to system integrity and data availability. Affected versions include WARP prior to 2024.12.492.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WARP Windows 0 < 2024.12.492.0

References

https://developers.cloudflare.com/warp-client/

CVSS V4

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jan 22, 2025
Vulnerability Reserved
Jan 22, 2025

Credit

https://hackerone.com/sim0nsecurity?type=user

JSON

Cloudflare