Race Condition Vulnerability in Windows Cloud Files by Microsoft
CVE-2025-55680

7.8HIGH

Key Information:

Vendor

Microsoft
Status
Windows 11 Version 25h2
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Vendor
CVE Published:
14 October 2025

Badges

🔥 Trending now📈 Trended📈 Score: 2,080👾 Exploit Exists📰 News Worthy

What is CVE-2025-55680?

CVE-2025-55680 represents a significant vulnerability found within the Windows Cloud Files Mini Filter Driver developed by Microsoft. This specific flaw is characterized as a time-of-check to time-of-use (TOCTOU) race condition, which occurs when a system checks for a certain condition and then subsequently uses the result of that check without ensuring that the underlying state hasn't changed in the interim. Exploitation of this vulnerability allows an authorized attacker to elevate their privileges locally on affected systems. Such privilege escalation could enable the attacker to gain access to sensitive data or execute unauthorized actions within the operating environment, potentially undermining the organization’s overall security posture.

Potential impact of CVE-2025-55680

  1. Privilege Escalation: The primary impact of this vulnerability is the ability for users with existing access to elevate their privileges, which could allow them to gain administrative rights and perform actions beyond their intended permissions. This can lead to unauthorized data access or manipulation.

  2. Compromise of Sensitive Data: With elevated access, attackers could potentially access sensitive files and information that would otherwise be protected, compromising the confidentiality and integrity of critical organizational data.

  3. Increased Attack Surface: The existence of this vulnerability may encourage further exploitation attempts, leading to a cascade of security breaches. Attackers could leverage this flaw to establish footholds within the system, paving the way for subsequent cyberattacks, including data exfiltration and malware deployment.

Affected Version(s)

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7919

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6456

Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.6456

News Articles

favicon imagegbhackers.com

Microsoft Windows Cloud Minifilter Flaw Enables Privilege Escalation

A security vulnerability in Microsoft Windows Cloud Minifilter has been patched, addressing a race condition that allowed attackers to escalate privileges

1 day ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by gbhackers.com

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-55680 : Race Condition Vulnerability in Windows Cloud Files by Microsoft