CVE-2025-58727

EPSS 0.05%
Veröffentlicht 14.10.2025 17:01:19
Zuletzt bearbeitet 06.11.2025 15:26:27
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.6456

Microsoft ≫ Windows 10 22h2 Version < 10.0.19045.6456

Microsoft ≫ Windows 11 22h2 Version < 10.0.22621.6060

Microsoft ≫ Windows 11 23h2 Version <= 10.0.22631.6060

Microsoft ≫ Windows 11 24h2 Version < 10.0.26100.6899

Microsoft ≫ Windows 11 25h2 Version < 10.0.26200.6899

Microsoft ≫ Windows Server 2022 23h2 Version < 10.0.25398.1913

Microsoft ≫ Windows Server 2025 Version <= 10.0.26100.6899

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58727

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-58727

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-58727

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-58727

EUVD