EXPLOITDB 7.8 HIGH

Microsoft Windows – Storage QoS Filter Driver Checker (EDB-ID:52399)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Titles: Microsoft Windows - Storage QoS Filter Driver Checker...

Basic Information

ID EDB-ID:52399
Published Aug 11, 2025 at 00:00

Affected Product

Affected Versions

# Titles: Microsoft Windows - Storage QoS Filter Driver Checker
# Author: nu11secur1ty
# Date: 08/04/2025
# Vendor: Microsoft
# Software: https://www.microsoft.com/en-us/software-download/windows11
# Reference:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730

## Description
This PowerShell script checks if your Windows system is vulnerable to
**CVE-2025-49730**, a critical vulnerability in the `storqosflt.sys`
Storage QoS Filter Driver.

## Features

- Detects if the `storqosflt` driver is present.
- Retrieves the driver version and compares it against the known patched
version (`10.0.26100.1`).
- Verifies the driver's digital signature to ensure authenticity.
- Calculates the SHA-256 hash of the driver file for integrity verification.
- Retrieves recent system event logs related to `storqosflt` to identify
suspicious or unusual activity.
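
The checks listed above can be sketched as follows. This is an added example, not the author's `Check-StorQoS-CVE2025.ps1`; the driver path, the seven-day log window and the 20-event cap are assumptions, and the version threshold is the value quoted on this page.

```powershell
# Added example: a sketch of the five checks in the Features list.
# Assumptions: driver path under System32\drivers, 7-day log window, 20-event cap.
param(
    [string]$DriverPath = (Join-Path $env:SystemRoot 'System32\drivers\storqosflt.sys'),
    [version]$PatchedVersion = '10.0.26100.1'   # threshold as stated on this page
)

function Write-Status([string]$Text, [string]$Color) { Write-Host $Text -ForegroundColor $Color }

# 1. Presence: is the driver registered, and is the file on disk?
$driver = Get-CimInstance Win32_SystemDriver -Filter "Name='storqosflt'" -ErrorAction SilentlyContinue
if (-not (Test-Path -LiteralPath $DriverPath)) {
    Write-Status "storqosflt.sys not found at $DriverPath" Yellow
    return
}
if ($driver) { Write-Status "Driver registered, state: $($driver.State)" Green }
else         { Write-Status 'Driver file present but not registered as a system driver' Yellow }

# 2. Version: build a [version] from the numeric parts. Comparing the strings
#    would rank '10.0.9' above '10.0.26100', so never compare FileVersion as text.
$vi = (Get-Item -LiteralPath $DriverPath).VersionInfo
$fileVersion = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
if ($fileVersion -lt $PatchedVersion) { Write-Status "Version $fileVersion is below $PatchedVersion" Red }
else { Write-Status "Version $fileVersion is at or above $PatchedVersion" Green }

# 3. Signature: any status other than 'Valid' is flagged.
$sig = Get-AuthenticodeSignature -LiteralPath $DriverPath
if ($sig.Status -eq 'Valid') { Write-Status "Signature valid: $($sig.SignerCertificate.Subject)" Green }
else { Write-Status "Signature status: $($sig.Status)" Red }

# 4. Hash: record SHA-256 so the file can be compared with a known-good copy.
$hash = (Get-FileHash -LiteralPath $DriverPath -Algorithm SHA256).Hash
Write-Status "SHA-256: $hash" Yellow

# 5. Logs: recent System-log events that mention the driver.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; StartTime = (Get-Date).AddDays(-7) } `
              -ErrorAction SilentlyContinue |
          Where-Object { $_.Message -match 'storqosflt' -or $_.ProviderName -match 'storqos' } |
          Select-Object -First 20 TimeCreated, Id, LevelDisplayName, ProviderName
if ($events) { $events | Format-Table -AutoSize }
else { Write-Status 'No storqosflt events in the last 7 days' Yellow }
```

A file version at or above the threshold only says the binary is newer than that build; confirm patch status against the MSRC reference for the installed Windows release.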

## Usage

1. Open PowerShell with Administrator privileges.
2. Run the script:

```powershell
.\Check-StorQoS-CVE2025.ps1
```

3. Review the output:

- **Red messages** indicate vulnerable or suspicious conditions (e.g.,
vulnerable driver version or invalid digital signature).
- **Yellow messages** indicate warnings or missing data.
- **Green messages** indicate good or safe status.

## Requirements

- Windows PowerShell (tested on Windows 10 and 11).
- Execution policy set to allow running local scripts
(`Set-ExecutionPolicy RemoteSigned` may be needed).
- Administrator privileges recommended for full access to driver info and
logs.

## Disclaimer

This script **does not** attempt to exploit the vulnerability. It only
checks system status to **prove** vulnerability presence or absence based
on driver version, signature, and logs.

## Contact

For questions or improvements, please open an issue or contact the author.


# Source:
https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2025/CVE-2025-49730




# Source download
https://nu11secur1ty.github.io/DownGit/#/home?url=https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2025/CVE-2025-49730

# Time spent:
01:35:00


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>
