About Elevation of Privilege – Windows Cloud Files Mini Filter Driver (CVE-2025-62221) vulnerability. cldflt.sys is the Windows Cloud Files Mini Filter driver whose purpose is to present files and folders stored in the cloud as if they were located on the local computer. A vulnerability in this driver, fixed as part of Microsoft’s December Patch Tuesday, allows a local attacker to obtain SYSTEM privileges. The root cause of the vulnerability is a Use After Free issue (CWE-416).
⚙️ The vulnerability was discovered by Microsoft researchers (from MSTIC and MSRC). Updates are available for Windows 10/11 and Windows Server 2019/2022/2025.
👾 The vulnerability has been exploited in the wild and added to the CISA KEV catalog. No attack details are available yet.
🛠 Since December 10, alleged exploit repositories briefly appeared on GitHub and were later removed; exploit sale offers have also been observed (possibly fraudulent).
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.