
New Windows vulnerability enables privilege escalation


A high-severity privilege escalation vulnerability, tracked as CVE-2025-55680, has been discovered in the Windows Cloud Files Mini Filter Driver, enabling local attackers to gain full system control, reports Cyber Security News.

The flaw exists within the cldsync.sys driver and stems from a logic error in how it validates file paths during placeholder file creation. Although Microsoft had previously implemented checks to block malicious characters that enable symbolic link attacks, researchers found these checks can be bypassed using a time-of-check to time-of-use (TOCTOU) race condition.

This technique allows an attacker to alter a file path in kernel memory after it passes validation but before the file operation completes, effectively tricking the system into writing to a protected location. The exploit requires local access but is considered straightforward and reliable, allowing any authenticated user to inject malicious code into system processes and achieve SYSTEM-level privileges.

This represents a significant security risk, as it provides a direct path for an attacker to escalate privileges and maintain persistence on a compromised machine.
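The check-then-use pattern described above, next to the usual fix of capturing the input once before validating it, as an added user-space model that is not code from cldsync.sys or from the original report. The function names, the hook that stands in for a racing thread, and the choice of backslash as the forbidden character are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64
typedef void (*race_hook)(char *shared);  /* stands in for a racing thread */

/* Assumed rule: a backslash is the forbidden character (the page names none). */
static int name_is_safe(const char *name) {
    return name[0] != '\0' && strchr(name, '\\') == NULL;
}

/* Weak: checks the caller-writable buffer, then reads it a second time. */
int create_unsafe(char *shared, race_hook hook, char *used, size_t n) {
    if (!name_is_safe(shared)) return -1;   /* time of check */
    if (hook) hook(shared);                 /* caller can still write here */
    snprintf(used, n, "%s", shared);        /* time of use: second fetch */
    return 0;
}

/* Hardened: one bounded copy into private storage; check and use the copy. */
int create_safe(char *shared, race_hook hook, char *used, size_t n) {
    char captured[NAME_MAX_LEN];
    const char *end = memchr(shared, '\0', sizeof captured);
    if (end == NULL) return -1;             /* too long or unterminated */
    memcpy(captured, shared, (size_t)(end - shared) + 1);
    if (!name_is_safe(captured)) return -1;
    if (hook) hook(shared);                 /* a late change has no effect */
    snprintf(used, n, "%s", captured);
    return 0;
}

/* Constructed race: replace one character after validation has passed. */
static void swap_in_separator(char *shared) { shared[4] = '\\'; }

/* Returns 1 if the name finally used still passes validation, 0 if not,
   and -1 if creation was refused. */
int used_name_still_safe(int (*create)(char *, race_hook, char *, size_t)) {
    char shared[NAME_MAX_LEN] = "docs_report.txt";  /* constructed sample */
    char used[NAME_MAX_LEN];
    if (create(shared, swap_in_separator, used, sizeof used) != 0) return -1;
    return name_is_safe(used);
}

int main(void) {
    printf("check-then-refetch: used name valid = %d\n", used_name_still_safe(create_unsafe));
    printf("capture-then-check: used name valid = %d\n", used_name_still_safe(create_safe));
    return 0;
}
```

The point for code review is that validation only means something when the bytes checked are the same bytes later used, so any input that another party can still write must be copied out once before it is checked.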
