CVE-2025-62221

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to December 2025 Patch Tuesday

Description A use-after-free condition exists in the Windows Cloud Files Mini Filter Driver. Successful exploitation of this issue allows an authorized attacker to gain elevated privileges locally, potentially reaching SYSTEM-level access. This vulnerability, identified as CVE-2025-62221, is actively exploited in the wild and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with a remediation deadline of December 30, 2025. The vulnerability is present in the

cldflt.sys

driver, a component used by cloud file synchronization services like OneDrive and Google Drive. An attacker with local code execution rights can manipulate cloud file sync operations to exploit the vulnerability and escalate their privileges. The issue impacts Windows 10 and later versions.

Recommendations Apply the December 2025 Patch Tuesday update to all affected systems immediately.