7.8

CVE-2025-55236

Graphics Kernel Remote Code Execution Vulnerability

Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 10 1809 HwPlatformx64 Version < 10.0.17763.7792
MicrosoftWindows 10 1809 HwPlatformx86 Version < 10.0.17763.7792
MicrosoftWindows 10 21h2 Version < 10.0.19044.6332
MicrosoftWindows 10 22h2 Version < 10.0.19045.6332
MicrosoftWindows 11 22h2 Version < 10.0.22621.5909
MicrosoftWindows 11 23h2 Version < 10.0.22631.5909
MicrosoftWindows 11 24h2 Version < 10.0.26100.6508
MicrosoftWindows Server 2019 Version < 10.0.17763.7792
MicrosoftWindows Server 2022 Version < 10.0.20348.4106
MicrosoftWindows Server 2022 23h2 Version < 10.0.25398.1849
MicrosoftWindows Server 2025 Version < 10.0.26100.6508
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.267
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secure@microsoft.com 7.3 1.3 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.