# Titles:  Microsoft Windows - Storage QoS Filter Driver Checker
# Author: nu11secur1ty
# Date: 08/04/2025
# Vendor: Microsoft
# Software: https://www.microsoft.com/en-us/software-download/windows11
# Reference:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730

## Description
This PowerShell script checks if your Windows system is vulnerable to
**CVE-2025-49730**, a critical vulnerability in the `storqosflt.sys`
Storage QoS Filter Driver.

## Features

- Detects if the `storqosflt` driver is present.
- Retrieves the driver version and compares it against the known patched
version (`10.0.26100.1`).
- Verifies the driver's digital signature to ensure authenticity.
- Calculates the SHA-256 hash of the driver file for integrity verification.
- Retrieves recent system event logs related to `storqosflt` to identify
suspicious or unusual activity.

## Usage

1. Open PowerShell with Administrator privileges.
2. Run the script:

   ```powershell
   .\Check-StorQoS-CVE2025.ps1
   ```

3. Review the output:

   - **Red messages** indicate vulnerable or suspicious conditions (e.g.,
vulnerable driver version or invalid digital signature).
   - **Yellow messages** indicate warnings or missing data.
   - **Green messages** indicate good or safe status.

## Requirements

- Windows PowerShell (tested on Windows 10 and 11).
- Execution policy set to allow running local scripts (`Set-ExecutionPolicy
RemoteSigned` may be needed).
- Administrator privileges recommended for full access to driver info and
logs.

## Disclaimer

This script **does not** attempt to exploit the vulnerability. It only
checks system status to **prove** vulnerability presence or absence based
on driver version, signature, and logs.

## Contact

For questions or improvements, please open an issue or contact the author.


# Source:
[href](
https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2025/CVE-2025-49730
)


# Buy me a coffee if you are not ashamed:
[href](https://www.paypal.com/donate/?hosted_button_id=ZPQZT5XMC5RFY)


# Source download
[href](
https://nu11secur1ty.github.io/DownGit/#/home?url=https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2025/CVE-2025-49730
)

# Time spent:
01:35:00


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

--

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstorm.news/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>