CVE-2025-60722 is a path traversal vulnerability classified under CWE-22 found in Microsoft OneDrive for Android version 1.0. This vulnerability arises from improper validation and limitation of file pathnames, allowing an attacker with authorized access to craft malicious path inputs that escape the intended restricted directories. By exploiting this flaw, an attacker can overwrite or modify files outside the designated storage areas, potentially altering application files or user data. The vulnerability requires the attacker to have some level of privileges within the app environment and network access, but does not require user interaction, making remote exploitation feasible within a local network or via compromised credentials. The impact primarily affects data integrity, as attackers can modify files, but does not directly compromise confidentiality or availability. The CVSS 3.1 base score is 6.5, reflecting medium severity with an attack vector over the network, low attack complexity, and privileges required. No known public exploits have been reported yet, and no patches were linked at the time of publication, indicating the need for vigilance and prompt patching once available. The vulnerability's presence in a widely used cloud storage app on Android devices raises concerns for enterprise environments where OneDrive is integrated for file synchronization and sharing.

For European organizations, this vulnerability poses a risk to the integrity of files managed via OneDrive for Android, potentially allowing attackers to modify or corrupt critical documents or configuration files. This could disrupt business operations, lead to data loss, or facilitate further privilege escalation attacks within mobile environments. Given OneDrive’s integration with Microsoft 365 services, compromised mobile endpoints could serve as pivot points for broader network intrusion. The lack of confidentiality impact reduces the risk of data leakage, but integrity violations could undermine trust in document authenticity and compliance with data governance regulations such as GDPR. Organizations relying heavily on mobile device management and cloud synchronization should consider this a moderate threat, especially in sectors with sensitive or regulated data. The absence of known exploits provides a window for proactive mitigation before active attacks emerge.

Organizations should monitor Microsoft’s official channels for patches addressing CVE-2025-60722 and apply updates promptly once released. Until patches are available, restricting OneDrive app permissions on Android devices can limit the scope of potential exploitation, such as denying unnecessary file system access. Employing mobile device management (MDM) solutions to enforce security policies and restrict installation of unauthorized apps reduces risk exposure. Network segmentation and monitoring for unusual file access patterns or privilege escalations on mobile devices can help detect exploitation attempts. Educating users about the risks of granting excessive permissions and ensuring strong authentication mechanisms for OneDrive access further reduce attack vectors. Additionally, auditing synchronization logs and verifying file integrity regularly can help identify anomalies caused by exploitation of this vulnerability.