Cloudflare WARP Improper Privilege Management Vulnerability on Windows Allowing File Manipulation

Vulnerability

A vulnerability in Cloudflare WARP for Windows, prior to version 2024.12.492.0, involves improper privilege management that enables file manipulation. Users with low system privileges can create symlinks in the C:\ProgramData\Cloudflare\warp-diag-partials directory. When the 'Reset all settings' option is activated, the WARP service deletes the files linked by the symlinks. Since the WARP service runs with system privileges, this could result in the unintentional deletion of files owned by the System user.

Impact

Exploitation of this vulnerability could lead to the unauthorized deletion of system-owned files, potentially disrupting system operations or causing loss of important data.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

1.4

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

1.4

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cloudflare WARP Improper Privilege Management Vulnerability on Windows Allowing File Manipulation

Vulnerability

Impact

Affected Products

Cloudflare WARP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating