CVE-2025-62215
Analyzed
Published: 11 Nov 2025, 18:15
Last modified:14 Nov 2025, 02:00
Vulnerability Summary
Overall Risk
High Risk
58/100 AI Analysis
Emergency
Requires Immediate Action AI Detection
Active in Wild
Exploitation Detected CVSS Score
7 HIGH
CVSS v3.1 (MICROSOFT)
EPSS Score
0.71% INFO
1% probability 0.00%
CISA KEV
Listed
Microsoft
Ransomware
Known Use
Exploits
None found
Dark Web
Activity detected
Telegram
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
Source Identifier: secure@microsoft.com
| CVSS | Source | Severity | Exploit. | Impact | Vector |
|---|---|---|---|---|---|
| v4.0 | n/a | ||||
| v3.1 | Primarysecure@microsoft.com | 7 HIGH | 1 | 5.9 | CVSS:3.1/AV:L/AC:H/PR:L/U... |
| v3.0 | n/a | ||||
| v2.0 | n/a | ||||
0.53%
Current Score
0.00%
66%ile
Percentile Rank
0.00%
Loading chart...
Loading chart...
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-362
Description:The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Vulnerability Name:Microsoft Windows Race Condition Vulnerability
Added to CISA Catalog:12 Nov 2025, 00:00
Action Due:03 Dec 2025, 00:00
Known Ransomware: Ransomware
Required Action:Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Telegram Activity Detected
This vulnerability has been mentioned in monitored Telegram channels, indicating potential threat actor interest.
No known public exploit code indexed (as of 14 Nov 2025, 02:00).
Exploitation status can change quickly once PoC code appears.
Affected Configurations (CPE)
microsoft windows_10_1809Vulnerable
Version: *
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
microsoft windows_10_1809Vulnerable
Version: *
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
microsoft windows_10_21h2Vulnerable
Version: *
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
microsoft windows_10_22h2Vulnerable
Version: *
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
microsoft windows_11_23h2Vulnerable
Version: *
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
microsoft windows_11_24h2Vulnerable
Version: *
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
microsoft windows_11_25h2Vulnerable
Version: *
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*
microsoft windows_server_2019Vulnerable
Version: *
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
microsoft windows_server_2022Vulnerable
Version: *
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
microsoft windows_server_2022_23h2Vulnerable
Version: *
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
microsoft windows_server_2025Vulnerable
Version: *
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
| URL | Tags | Source |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215 | - | secure@microsoft.com |
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215 | vendor advisory | secure@microsoft.com |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-62215 | - | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-62215 | us government resource | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |