Microsoft Windows - Storage QoS Filter Driver Checker

EDB-ID:

52399

CVE:

2025-49730

EDB Verified:

Author:

nu11secur1ty

Type:

local

Exploit:   /  

Platform:

Windows

Date:

2025-08-11

Vulnerable App: 
# Titles:  Microsoft Windows - Storage QoS Filter Driver Checker
# Author: nu11secur1ty
# Date: 08/04/2025
# Vendor: Microsoft
# Software: https://www.microsoft.com/en-us/software-download/windows11
# Reference:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730

## Description
This PowerShell script checks if your Windows system is vulnerable to
**CVE-2025-49730**, a critical vulnerability in the `storqosflt.sys`
Storage QoS Filter Driver.

## Features

- Detects if the `storqosflt` driver is present.
- Retrieves the driver version and compares it against the known patched
version (`10.0.26100.1`).
- Verifies the driver's digital signature to ensure authenticity.
- Calculates the SHA-256 hash of the driver file for integrity verification.
- Retrieves recent system event logs related to `storqosflt` to identify
suspicious or unusual activity.

## Usage

1. Open PowerShell with Administrator privileges.
2. Run the script:

   ```powershell
   .\Check-StorQoS-CVE2025.ps1
   ```

3. Review the output:

   - **Red messages** indicate vulnerable or suspicious conditions (e.g.,
vulnerable driver version or invalid digital signature).
   - **Yellow messages** indicate warnings or missing data.
   - **Green messages** indicate good or safe status.

## Requirements

- Windows PowerShell (tested on Windows 10 and 11).
- Execution policy set to allow running local scripts (`Set-ExecutionPolicy
RemoteSigned` may be needed).
- Administrator privileges recommended for full access to driver info and
logs.

## Disclaimer

This script **does not** attempt to exploit the vulnerability. It only
checks system status to **prove** vulnerability presence or absence based
on driver version, signature, and logs.

## Contact

For questions or improvements, please open an issue or contact the author.


# Source:
[href](
https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2025/CVE-2025-49730
)


# Buy me a coffee if you are not ashamed:
[href](https://www.paypal.com/donate/?hosted_button_id=ZPQZT5XMC5RFY)


# Source download
[href](
https://nu11secur1ty.github.io/DownGit/#/home?url=https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2025/CVE-2025-49730
)

# Time spent:
01:35:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

-- 

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstorm.news/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services