Microsoft Windows - Storage QoS Filter Driver Checker

Date: 11 Aug 2025
Reported by: nu11secur1ty
Type: exploitdb
Source: www.exploit-db.com

PowerShell script that checks the `storqosflt` driver for CVE-2025-49730: presence, version against 10.0.26100.1, signature, hash, and logs.

# Title: Microsoft Windows - Storage QoS Filter Driver Checker
# Author: nu11secur1ty
# Date: 08/04/2025
# Vendor: Microsoft
# Software: https://www.microsoft.com/en-us/software-download/windows11
# Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730

## Description
This PowerShell script checks if your Windows system is vulnerable to
**CVE-2025-49730**, a critical vulnerability in the `storqosflt.sys`
Storage QoS Filter Driver.

## Features

- Detects if the `storqosflt` driver is present.
- Retrieves the driver version and compares it against the known patched
version (`10.0.26100.1`).
- Verifies the driver's digital signature to ensure authenticity.
- Calculates the SHA-256 hash of the driver file for integrity verification.
- Retrieves recent system event logs related to `storqosflt` to identify
suspicious or unusual activity.
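
The checks listed above can be sketched as one function that returns a structured object instead of colored text. This is an added example, not the author's `Check-StorQoS-CVE2025.ps1`; the function name `Test-StorQosDriver`, the driver location under `System32\drivers`, the 7-day log window and the 20-event limit are assumptions.

```powershell
# Added illustration; not the author's script.
# Assumption: the driver lives in the standard drivers directory.
function Test-StorQosDriver {
    [CmdletBinding()]
    param(
        [string]$Path = (Join-Path $env:SystemRoot 'System32\drivers\storqosflt.sys'),
        [version]$PatchedVersion = '10.0.26100.1',   # value stated on this page
        [int]$LogDays = 7                            # assumed look-back window
    )

    $result = [ordered]@{
        Path = $Path; Present = $false; Version = $null; BelowPatched = $null
        SignatureStatus = $null; Signer = $null; Sha256 = $null; RecentEvents = @()
    }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]$result     # driver absent: nothing else to check
    }
    $result.Present = $true

    # Build the version from its numeric parts; the FileVersion string can carry
    # trailing build text that does not parse as [version].
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    $result.Version = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                     $vi.FileBuildPart, $vi.FilePrivatePart)
    $result.BelowPatched = $result.Version -lt $PatchedVersion

    # Authenticode status and signer subject of the driver file.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $result.SignatureStatus = $sig.Status.ToString()
    if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }

    $result.Sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Get-WinEvent raises an error when nothing matches, so errors are silenced.
    $filter = @{ LogName = 'System'; StartTime = (Get-Date).AddDays(-$LogDays) }
    $result.RecentEvents = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -match 'storqosflt' -or $_.Message -match 'storqosflt' } |
        Select-Object -First 20 TimeCreated, Id, ProviderName, LevelDisplayName)

    [pscustomobject]$result
}

Test-StorQosDriver | Format-List
```

The version threshold is the one this page gives; confirm the fixed build for your Windows release in the MSRC entry referenced above before treating `BelowPatched` as conclusive.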

## Usage

1. Open PowerShell with Administrator privileges.
2. Run the script:

   ```powershell
   .\Check-StorQoS-CVE2025.ps1
   ```

3. Review the output:

   - **Red messages** indicate vulnerable or suspicious conditions (e.g.,
vulnerable driver version or invalid digital signature).
   - **Yellow messages** indicate warnings or missing data.
   - **Green messages** indicate good or safe status.

## Requirements

- Windows PowerShell (tested on Windows 10 and 11).
- Execution policy set to allow running local scripts
(`Set-ExecutionPolicy RemoteSigned` may be needed).
- Administrator privileges recommended for full access to driver info and
logs.

## Disclaimer

This script **does not** attempt to exploit the vulnerability. It only
checks system status to **prove** vulnerability presence or absence based
on driver version, signature, and logs.

## Contact

For questions or improvements, please open an issue or contact the author.


# Source:
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2025/CVE-2025-49730)



# Source download
[href](https://nu11secur1ty.github.io/DownGit/#/home?url=https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2025/CVE-2025-49730)

# Time spent:
01:35:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

