How severe is CVE-2025-0651?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-0651?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2025-0651 - MEDIUM Severity | CVSS N/A

Vulnerability Description

Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. User with a low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the 'Reset all settings" option the WARP service will delete the files that the symlink was pointing to. Given the WARP service operates with System privileges this might lead to deleting files owned by the System user. This issue affects WARP: before 2024.12.492.0.

Related Vulnerabilities

CVE-2018-4310

CRITICAL

CVSS:10.0(Critical)

An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.

CWE-2692018

CVE-2020-27655

CRITICAL

CVSS:10.0(Critical)

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

CWE-2692020

CVE-2021-1388

CRITICAL

CVSS:10.0(Critical)

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on a...

CWE-2692021

CVE-2022-24783

CRITICAL

CVSS:10.0(Critical)

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in...

CWE-2692022

CVE-2024-6240

CRITICAL

CVSS:10.0(Critical)

Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV enviro...

CWE-2692024

CVE-2025-0505

CRITICAL

CVSS:10.0(Critical)

On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary...

CWE-2692025