PT-2025-50155 · Microsoft · Windows
Published: 2025-12-09 · Updated: 2026-03-10 · CVE-2025-62221
CVSS v3.1: 7.8 High (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to December 2025 Patch Tuesday
Description
A use-after-free vulnerability exists in the Windows Cloud Files Mini Filter Driver. Successful exploitation of this issue allows an authorized attacker to elevate privileges locally, potentially gaining SYSTEM-level access. This vulnerability is actively exploited in the wild and has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog with a remediation deadline of December 30, 2025. The vulnerability is triggered when an attacker tampers with cloud file sync operations, such as those performed by OneDrive, to exploit the driver and gain elevated system privileges. The issue is related to a flaw in the cldflt.sys file. It is a use-after-free condition, where memory is accessed after it has been freed, leading to potential code execution.
Recommendations
Apply the December 2025 Patch Tuesday update to all affected systems immediately.
Fix
LPE
RCE
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Windows