CVE-2025-50170 — Improper Handling of Insufficient Permissions or Privileges in Microsoft Windows 10 Version 1809

CWE-280 — Improper Handling of Insufficient Permissions or Privileges CWE-401 — Missing Release of Memory after Effective Lifetime6 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 74.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1809 Microsoft Windows 10 Version 21h2 Microsoft Windows 10 Version 22h2 +14 more

Timeline

PublishedAug 12

Description

Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages17 packages

▶NVDmicrosoft/windows< 10.0.17763.7678+3

▶NVDmicrosoft/windows_10_1809< 10.0.17763.7678

▶NVDmicrosoft/windows_10_21h2< 10.0.19044.6216

▶NVDmicrosoft/windows_10_22h2< 10.0.19045.6216

▶NVDmicrosoft/windows_11_22h2< 10.0.22621.5768

🔴Vulnerability Details

CVEList

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability↗2025-08-12

▶

GHSA

GHSA-9mw6-xc46-hffj: Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privile↗2025-08-12

▶

📋Vendor Advisories

Microsoft

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability↗2025-08-12

▶

Microsoft

net: bcmasp: fix potential memory leak in bcmasp_xmit()↗2024-11-12

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws↗2025-08-12

▶