CVE-2025-53132 | THREATINT

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges over a network.

Reserved 2025-06-26 | Published 2025-08-12 | Updated 2025-08-13 | Assigner microsoft

HIGH: 8.0CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-416: Use After Free

Product status

10.0.17763.0 before 10.0.17763.7678

affected

10.0.17763.0 before 10.0.17763.7678

affected

10.0.17763.0 before 10.0.17763.7678

affected

10.0.20348.0 before 10.0.20348.4052

affected

10.0.19044.0 before 10.0.19044.6216

affected

10.0.22621.0 before 10.0.22621.5768

affected

10.0.19045.0 before 10.0.19045.6216

affected

10.0.26100.0 before 10.0.26100.4946

affected

10.0.22631.0 before 10.0.22631.5768

affected

10.0.22631.0 before 10.0.22631.5768

affected

10.0.25398.0 before 10.0.25398.1791

affected

10.0.26100.0 before 10.0.26100.4946

affected

10.0.26100.0 before 10.0.26100.4946

affected

10.0.10240.0 before 10.0.10240.21100

affected

10.0.14393.0 before 10.0.14393.8330

affected

10.0.14393.0 before 10.0.14393.8330

affected

10.0.14393.0 before 10.0.14393.8330

affected

6.0.6003.0 before 6.0.6003.23471

affected

6.0.6003.0 before 6.0.6003.23471

affected

6.0.6003.0 before 6.0.6003.23471

affected

6.1.7601.0 before 6.1.7601.27872

affected

6.1.7601.0 before 6.1.7601.27872

affected

6.2.9200.0 before 6.2.9200.25622

affected

6.2.9200.0 before 6.2.9200.25622

affected

6.3.9600.0 before 6.3.9600.22725

affected

6.3.9600.0 before 6.3.9600.22725

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53132 (Win32k Elevation of Privilege Vulnerability) vendor-advisory

cve.org (CVE-2025-53132)

nvd.nist.gov (CVE-2025-53132)

Download JSON