By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Windows Cloud Files Mini Filter Driver Privilege Escalation (Use-After-Free)
CVSS Score: 7.8 (High / Important severity for local elevation of privilege)
Identifier: CVE-2025-62221
Exploit or Proof of Concept (PoC): This vulnerability has been confirmed to be exploited in the wild.
Update:
Microsoft released a fix for CVE-2025-62221 in the December 2025 Patch Tuesday updates. Administrators must apply the Windows update that patches the Cloud Files Mini Filter Driver (cldflt.sys) as soon as possible, across all affected hosts.
Description:
CVE-2025-62221 is a use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver. Due to improper memory handling, a local low-privileged user can trigger memory corruption in the driver and escalate to SYSTEM privileges.
Mitigation Recommendation:
Immediately deploy Microsoft's December 2025 security updates on all Windows hosts.
Identify systems running the vulnerable Cloud Files Mini Filter Driver version and prioritize patching for any system where user access is common (workstations, VDIs, shared devices).
Treat unpatched systems as high risk. If local user access has been possible, consider them potentially compromised.
After patching, confirm the updated cldflt.sys version and reboot systems if needed.
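One way to run the driver version check from the recommendations above, as an added PowerShell example that is not RedLegg's or Microsoft's code. The function name and the `MinimumFixedVersion` parameter are hypothetical; this bulletin does not state the fixed cldflt.sys version, so it must be supplied from Microsoft's advisory for each OS build.

```powershell
# Added example: report whether cldflt.sys on this host meets a minimum fixed version.
# MinimumFixedVersion is an operator-supplied input (assumption): the fixed file
# version differs per OS build and is not given in the bulletin.
function Get-CldFltPatchState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [version] $MinimumFixedVersion
    )

    $path = Join-Path $env:SystemRoot 'System32\drivers\cldflt.sys'
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $result = [ordered]@{
        ComputerName  = $env:COMPUTERNAME
        OSVersion     = $os.Version
        DriverPresent = Test-Path -LiteralPath $path
        DriverVersion = $null
        DriverState   = $null
        RebootPending = $false
        Status        = 'DriverNotPresent'
    }

    if ($result.DriverPresent) {
        # Build the version from its numeric parts; the FileVersion string can carry extra text.
        $vi = (Get-Item -LiteralPath $path).VersionInfo
        $result.DriverVersion = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                               $vi.FileBuildPart, $vi.FilePrivatePart)

        # CldFlt is the service name of the Cloud Files mini filter driver.
        $svc = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='CldFlt'"
        $result.DriverState = if ($svc) { $svc.State } else { 'NotRegistered' }

        # Windows servicing creates these keys while an installed update still needs a
        # restart; until then the old driver image can remain loaded in memory.
        $result.RebootPending = [bool](@(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
        ) | Where-Object { Test-Path -LiteralPath $_ })

        $result.Status = if ($result.DriverVersion -lt $MinimumFixedVersion) { 'Vulnerable' }
                         elseif ($result.RebootPending) { 'UpdatedRebootPending' }
                         else { 'Updated' }
    }
    [pscustomobject]$result
}
```

Hosts reporting `Vulnerable` or `UpdatedRebootPending` go on the priority list; a host counts as remediated only once it reports `Updated` after its restart.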