VDB

GCVE-110-NCSC-2025-383

GCVE-110-NCSC-2025-383
Advisory PublishedCVSS 7.8/10
Vulnetix · Advisory published December 9, 2025
A heap-based buffer overflow vulnerability in the Windows Cloud Files Mini Filter Driver allows an authorized attacker to locally elevate their privileges.

Weaknesses (CWE)

CWE-122Heap-based Buffer OverflowCWE-125Out-of-bounds ReadCWE-476NULL Pointer DereferenceCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-416Use After FreeCWE-126Buffer Over-readCWE-822Untrusted Pointer DereferenceCWE-20Improper Input ValidationCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-284Improper Access ControlCWE-306Missing Authentication for Critical FunctionCWE-191Integer Underflow (Wrap or Wraparound)

Risk Scores

CVSS 3.1
7.8/10
High · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›