CVE-2025-27492 | THREATINT

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Secure Channel allows an authorized attacker to elevate privileges locally.

PUBLISHED Reserved 2025-02-26 | Published 2025-04-08 | Updated 2026-02-13 | Assigner microsoft

HIGH: 7.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-416: Use After Free

Product status

10.0.22621.0 (custom) before 10.0.22621.5189

affected

10.0.22631.0 (custom) before 10.0.22631.5189

affected

10.0.22631.0 (custom) before 10.0.22631.5189

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

10.0.20348.0 (custom) before 10.0.20348.3453

affected

10.0.25398.0 (custom) before 10.0.25398.1551

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27492 (Windows Secure Channel Elevation of Privilege Vulnerability) vendor-advisory patch

cve.org (CVE-2025-27492)

nvd.nist.gov (CVE-2025-27492)

Download JSON