CVE-2025-0651

Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. User with a low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the 'Reset all settings" option the WARP service will delete the files that the symlink was pointing to. Given the WARP service operates with System privileges this might lead to deleting files owned by the System user. This issue affects WARP: before 2024.12.492.0.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://developers.cloudflare.com/warp-client/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:cloudflare:warp:*:*:*:*:*:windows:*:*

History

31 Jul 2025, 19:47

Type	Values Removed	Values Added
First Time		Cloudflare warp Cloudflare
References	~~() https://developers.cloudflare.com/warp-client/ -~~	() https://developers.cloudflare.com/warp-client/ - Product
Summary		(es) La vulnerabilidad de administración de privilegios incorrecta en Cloudflare WARP en Windows permite la manipulación de archivos. El usuario con privilegios de sistema bajos puede crear un conjunto de enlaces simbólicos dentro de la carpeta C:\ProgramData\Cloudflare\warp-diag-partials. Después de activar la opción "Restablecer todas las configuraciones", el servicio WARP eliminará los archivos a los que apuntaba el enlace simbólico. Dado que el servicio WARP opera con privilegios de System, esto podría provocar la eliminación de archivos propiedad del usuario de System. Este problema afecta a WARP: antes de 2024.12.492.0.
CPE		cpe:2.3:a:cloudflare:warp::::::windows::*
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1

22 Jan 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-22 18:15

Updated : 2025-07-31 19:47

NVD link : CVE-2025-0651

Mitre link : CVE-2025-0651

CVE.ORG link : CVE-2025-0651

JSON object : View

Products Affected

cloudflare

warp

CWE

CWE-269

Improper Privilege Management

NVD-CWE-noinfo

{"id": "CVE-2025-0651", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@cloudflare.com", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 6.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:U/V:X/RE:L/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-01-22T18:15:20.363", "references": [{"url": "https://developers.cloudflare.com/warp-client/", "tags": ["Product"], "source": "cna@cloudflare.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@cloudflare.com", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation.\n\nUser with a low system privileges\u00a0 can create a set of symlinks inside the\u00a0C:\\ProgramData\\Cloudflare\\warp-diag-partials folder. After triggering the 'Reset all settings\" option the WARP service will delete the files that the symlink was pointing to. Given the WARP service operates with System privileges this might lead to deleting files owned by the System user.\nThis issue affects WARP: before 2024.12.492.0."}, {"lang": "es", "value": "La vulnerabilidad de administraci\u00f3n de privilegios incorrecta en Cloudflare WARP en Windows permite la manipulaci\u00f3n de archivos. El usuario con privilegios de sistema bajos puede crear un conjunto de enlaces simb\u00f3licos dentro de la carpeta C:\\ProgramData\\Cloudflare\\warp-diag-partials. Despu\u00e9s de activar la opci\u00f3n \"Restablecer todas las configuraciones\", el servicio WARP eliminar\u00e1 los archivos a los que apuntaba el enlace simb\u00f3lico. Dado que el servicio WARP opera con privilegios de System, esto podr\u00eda provocar la eliminaci\u00f3n de archivos propiedad del usuario de System. Este problema afecta a WARP: antes de 2024.12.492.0."}], "lastModified": "2025-07-31T19:47:25.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:warp:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "0F1AFCBC-3F84-4683-B988-AAC691FB2794", "versionEndExcluding": "2024.12.492.0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@cloudflare.com"}