HomeDescription
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
PUBLISHED Reserved 2025-10-08 | Published 2025-11-11 | Updated 2025-11-12 | Assigner microsoft
HIGH: 7.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
CISA Known Exploited Vulnerability
Date added 2025-11-12 | Due date 2025-12-03
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Problem types
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-415: Double Free
Product status
10.0.17763.0 (custom) before 10.0.17763.8027
affected
10.0.17763.0 (custom) before 10.0.17763.8027
affected
10.0.17763.0 (custom) before 10.0.17763.8027
affected
10.0.20348.0 (custom) before 10.0.20348.4405
affected
10.0.19044.0 (custom) before 10.0.19044.6575
affected
10.0.19045.0 (custom) before 10.0.19045.6575
affected
10.0.26100.0 (custom) before 10.0.26100.7171
affected
10.0.26200.0 (custom) before 10.0.26200.7171
affected
10.0.22631.0 (custom) before 10.0.22631.6199
affected
10.0.22631.0 (custom) before 10.0.22631.6199
affected
10.0.25398.0 (custom) before 10.0.25398.1965
affected
10.0.26100.0 (custom) before 10.0.26100.7171
affected
10.0.26100.0 (custom) before 10.0.26100.7171
affected
References
www.cisa.gov/...erabilities-catalog?field_cve=CVE-2025-62215 government-resource
msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215 (Windows Kernel Elevation of Privilege Vulnerability) vendor-advisory
cve.org
(CVE-2025-62215)
nvd.nist.gov
(CVE-2025-62215)
Download JSON
