Zero Day MonitorZDM

← Back to list

7.8

CVE-2025-62221KEVEXPLOITEDPATCHED

microsoft · windows_10_1809

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Description

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Affected Products

Vendor	Product	Versions
microsoft	windows_10_1809	< 10.0.17763.8146, < 10.0.17763.8146, < 10.0.19044.6691, < 10.0.19045.6691, < 10.0.22631.6345, < 10.0.26100.7392, < 10.0.26200.7392, < 10.0.17763.8146, < 10.0.20348.4467, < 10.0.25398.2025, < 10.0.26100.7392

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62221(Vendor Advisory)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-62221(US Government Resource)

Related News (1 articles)

Tier B

JPCERT/CC

Security Alert: Microsoft Releases December 2025 Security Updates

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch availableCVE-2025-62221

CWECWE-416

Published12/9/2025

Last enriched3d agov2

Tags

elevation of privilegewindowscloud files

Trending Score59

Source articles1

Independent1

Info Completeness11/14

Missing: epss, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-32187EXP

Microsoft Edge (Chromium-based) Defense in Depth Vulnerability

HIGHCVE-2026-21510EXPKEV

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

MEDIUMCVE-2026-20805EXPKEV

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

CRITICALCVE-2026-20963EXPKEV

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

HIGHCVE-2026-4449EXP

Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Dec 9, 2025

Added to CISA KEV

Dec 9, 2025

Actively Exploited

Dec 10, 2025

Exploit Available

Dec 10, 2025

Patch Available

Dec 10, 2025

Discovered by ZDM

Mar 26, 2026

Updated: patchAvailable, tags

Mar 27, 2026

Version History

v2

Last enriched 3d ago

v2Tier B3d ago

Updated product versions to include additional affected versions and added patch information along with new relevant tags.

patchAvailabletags

via JPCERT/CC

v13d ago

Initial creation