CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The vulnerability was identified in WARP, versions 2025.1.861.0. The vulnerability in Cloudflare WARP was discovered in a laboratory setting on MacOS. Local priviledge escalation allows an attacker to escalate privileges from a normal user to root To exploit the vulnerability, the Warp package mu...

5.4CVSS7.7AI score

Exploits0

RedhatCVE•added 2025/05/23 11:57 a.m.•3 views

CVE-2025-0651

Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. User with a low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the 'Reset all settings" option the WARP service will...

7.1CVSS6.9AI score0.00218EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:31 a.m.•3 views

CVE-2023-1862

Cloudflare WARP client for Windows up to v2023.3.381.0 allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining...

7.3CVSS7AI score0.00398EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:13 a.m.•7 views

CVE-2023-1412

An unprivileged non-admin user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows = 2022.12.582.0 to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks oplock and symbolic links which can both be creat...

7.8CVSS7AI score0.00081EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 1:51 a.m.•8 views

CVE-2023-2754

The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses...

7.4CVSS6.6AI score0.00926EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:23 p.m.•5 views

CVE-2022-2147

Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0...

7.8CVSS7.8AI score0.001EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:23 p.m.•5 views

CVE-2022-2145

Cloudflare WARP client for Windows up to v. 2022.5.309.0 allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files...

7.8CVSS7.2AI score0.00093EPSS

Exploits0References1

OSV•added 2025/01/22 6:15 p.m.•2 views

CVE-2025-0651

7.1CVSS5.8AI score

Exploits0References1

NVD•added 2025/01/22 6:15 p.m.•11 views

CVE-2025-0651

7.1CVSS0.00218EPSS

Exploits0References1

Cvelist•added 2025/01/22 5:34 p.m.•16 views

CVE-2025-0651 File symlink abuse might lead to deleting files belonging to SYSTEM user

6.1CVSS0.00218EPSS

Exploits0References1

AlpineLinux•added 2025/01/22 5:34 p.m.•2 views

CVE-2025-0651

7.1CVSS7.2AI score0.00218EPSS

Exploits0References1

CVE•added 2025/01/22 5:34 p.m.•84 views

CVE-2025-0651

CVE-2025-0651 describes an improper privilege management issue in Cloudflare WARP for Windows. A low-privilege user can create a set of symlinks in C:\ProgramData\Cloudflare\warp-diag-partials. When a user triggers the “Reset all settings” option, the WARP service (running with System privileges)...

7.1CVSS6.5AI score0.00218EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/01/22 5:34 p.m.•3 views

CVE-2025-0651 File symlink abuse might lead to deleting files belonging to SYSTEM user

6.1CVSS6.5AI score0.00218EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by