CVE-2025-55680
cldflt.sys — race condition allows elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | cldflt.sys |
| Vulnerability Class | Race Condition / TOCTOU |
| CVSS | 7.0 |
| Exploited ITW | No |
| Patch Date | October 14, 2025 |
Root Cause
A TOCTOU race condition in the Cloud Files Mini Filter driver lets an attacker modify data between validation and use. Winning the race window corrupts kernel memory through crafted cloud file sync operations.
Exploitation
The attacker races a modification against the validation check in the cloud file sync path. Winning the race corrupts kernel memory for privilege escalation.
Exploitation Primitive
Cloud file sync operation → TOCTOU race
→ kernel memory corruption → SYSTEM