Microsoft Brokering File System Vulnerability Let Attackers Escalate Privileges

By Abinaya
Publication Date: 2025-12-22 15:33:00

Microsoft has patched a significant use-after-free vulnerability in its Brokering File System (BFS) driver, tracked as CVE-2025-29970.

The flaw enables local attackers to escalate privileges on Windows systems running isolated or sandboxed applications, making it a notable concern for enterprise security.

The vulnerability exists in bfs.sys, a minifilter driver developed alongside Windows AppContainer and AppSilo, Microsoft’s sandbox mechanisms for isolating Win32 applications.

| CVE ID | Vulnerability Type | Affected Component | Security Impact | CVSS Score | Affected Versions |
|---|---|---|---|---|---|
| CVE-2025-29970 | Use-After-Free (UAF) | Brokering File System (bfs.sys) | Local Privilege Escalation | 8.8 (High) | Windows 11, Server 2022+ |

BFS manages file, pipe, and registry operations from isolated applications, making it an attractive target for privilege escalation attacks.

Microsoft Brokering File System Vulnerability

The root cause lies in improper memory management in the deallocation…