nvd-json-data-feeds/CVE-2025/CVE-2025-06xx/CVE-2025-0651.json

{
  "id": "CVE-2025-0651",
  "sourceIdentifier": "cna@cloudflare.com",
  "published": "2025-01-22T18:15:20.363",
  "lastModified": "2025-01-22T18:15:20.363",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation.\n\nUser with a low system privileges\u00a0 can create a set of symlinks inside the\u00a0C:\\ProgramData\\Cloudflare\\warp-diag-partials folder. After triggering the 'Reset all settings\" option the WARP service will delete the files that the symlink was pointing to. Given the WARP service operates with System privileges this might lead to deleting files owned by the System user.\nThis issue affects WARP: before 2024.12.492.0."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de administraci\u00f3n de privilegios incorrecta en Cloudflare WARP en Windows permite la manipulaci\u00f3n de archivos. El usuario con privilegios de sistema bajos puede crear un conjunto de enlaces simb\u00f3licos dentro de la carpeta C:\\ProgramData\\Cloudflare\\warp-diag-partials. Despu\u00e9s de activar la opci\u00f3n \"Restablecer todas las configuraciones\", el servicio WARP eliminar\u00e1 los archivos a los que apuntaba el enlace simb\u00f3lico. Dado que el servicio WARP opera con privilegios de System, esto podr\u00eda provocar la eliminaci\u00f3n de archivos propiedad del usuario de System. Este problema afecta a WARP: antes de 2024.12.492.0."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "cna@cloudflare.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:U/V:X/RE:L/U:Green",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "privilegesRequired": "LOW",
          "userInteraction": "ACTIVE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "HIGH",
          "vulnAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "subAvailabilityImpact": "HIGH",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NEGLIGIBLE",
          "Automatable": "NOT_DEFINED",
          "Recovery": "USER",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "LOW",
          "providerUrgency": "GREEN"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cna@cloudflare.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://developers.cloudflare.com/warp-client/",
      "source": "cna@cloudflare.com"
    }
  ]
}