CVE-2025-62215
Microsoft Windows Race Condition Vulnerability - [Actively Exploited]
Description
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
INFO
Published Date :
Nov. 11, 2025, 6:15 p.m.
Last Modified :
Nov. 14, 2025, 2 a.m.
Remotely Exploit :
No
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62215 ; https://nvd.nist.gov/vuln/detail/CVE-2025-62215
Affected Products
The following products are affected by CVE-2025-62215
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | f38d906d-7342-40ea-92c1-6c4a2c6478c8 | ||||
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Apply all available Windows security updates.
- Install the latest cumulative update.
- Restart the system if required.
Public PoC/Exploit Available at Github
CVE-2025-62215 has a 7 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-62215.
| URL | Resource |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215 | Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-62215 | US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-62215 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-62215
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
This PoC demonstrates a race condition in the Windows kernel leading to a double-free vulnerability, allowing local privilege escalation to SYSTEM. The exploit uses multithreaded handle manipulation and heap spraying to trigger the flaw under controlled conditions.
C++
Hands‑on analysis of CVE‑2025‑62215, a Windows Kernel race condition exploited in the wild. Demonstrates privilege escalation to SYSTEM, detection scripts, and patch validation strategies for enterprise defenders and red teamers.
CVE-2025-62215 is an Elevation of Privilege (EoP) vulnerability in the Windows Kernel, disclosed in November 2025 and confirmed to be actively exploited as a zero-day.
C++
Microsoft that patches can be used against them
None
PowerShell
None
Python
OSCP Cheat Sheet
oscp oscp-guide cheat-sheet cheatsheet offensive offensive-security offsec penetration-testing pentesting security oscp-plus
Python Shell C PHP PowerShell ASP.NET
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-62215 vulnerability anywhere in the article.
-
CrowdStrike.com
November 2025 Patch Tuesday: One Zero-Day and Five Critical Vulnerabilities Among 63 CVEs
Microsoft has addressed 63 vulnerabilities in its November 2025 security update release, almost one third from October's record-breaking 172 patches. This month's updates address one actively exploite ... Read more
-
Help Net Security
Week in review: Windows kernel flaw patched, suspected Fortinet FortiWeb zero-day exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Adopting a counterintelligence mindset in luxury logistics In this Help Net Security interview, Andrea ... Read more
-
The Cyber Express
Akira Ransomware Group Poses ‘Imminent Threat’ to Critical Infrastructure: CISA
The Akira ransomware group poses an “imminent threat to critical infrastructure,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today. CISA joined with the FBI, other U.S. ag ... Read more
-
Help Net Security
“Patched” but still exposed: US federal agencies must remediate Cisco flaws (again)
CISA has ordered US federal agencies to fully address two actively exploited vulnerabilities (CVE-2025-20333, CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) and Firepower firewalls. “In C ... Read more
-
BleepingComputer
CISA warns of WatchGuard firewall flaw exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has warned government agencies to patch an actively exploited vulnerability impacting WatchGuard Firebox firewalls. Remote attackers can ... Read more
-
The Hacker News
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
Nov 13, 2025Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Firewar ... Read more
-
TheCyberThrone
CISA KEV Catalog Update November 2025
November 13, 2025The following vulnerabilities were recently added to the CISA Known Exploited Vulnerabilities (KEV) catalog and involve WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox pro ... Read more
-
security.nl
Patch Tuesday: Microsoft dicht actief uitgebuit lek en diverse kritieke kwetsbaarheden
Microsoft verhelpt deze maand meerdere beveiligingslekken, waaronder één kwetsbaarheid die actief wordt misbruikt. Het gaat om een kwetsbaarheid in Windows-kernel (CVE-2025-62215), dat aanvallers de m ... Read more
-
Help Net Security
Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (CVE-2025-62215)
Microsoft has delivered a rather light load of patches for November 2025 Patch Tuesday: some 60+ vulnerabilities have received a fix, among them an actively exploited Windows Kernel flaw (CVE-2025-622 ... Read more
-
The Cyber Express
Microsoft Patch Tuesday November 2025: Fixes 63 Security Flaws and One Zero-Day Exploit
Microsoft’s November Patch Tuesday release for 2025 has delivered fixes for 63 security flaws across its software portfolio, including one zero-day vulnerability already being exploited in the wild. T ... Read more
-
CybersecurityNews
Windows Kernel 0‑day Vulnerability Actively Exploited in the Wild to Escalate Privilege
Microsoft has assigned CVE-2025-62215 to a new Windows Kernel elevation of privilege flaw that is being actively exploited in the wild. Published on November 11, 2025, the vulnerability is rated Impor ... Read more
-
BleepingComputer
Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws
Today is Microsoft's November 2025 Patch Tuesday, which includes security updates for 63 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday also addresses four "Critica ... Read more
-
Zero Day Initiative
The November 2025 Security Update Review
I’ve made it through Pwn2Own Ireland, and while many are celebrated those who served their country in the armed services, patch Tuesday stops for no one. So affix your poppy accordingly, and let’s tak ... Read more
-
CybersecurityNews
Microsoft November 2025 Patch Tuesday – 63 Vulnerabilities, Including 1 Zero-Day Fixed
Microsoft rolled out its November 2025 Patch Tuesday security updates today, addressing 63 vulnerabilities across its product and service ecosystem. Among these, one zero-day flaw has already been exp ... Read more
The following table lists the changes that have been made to the
CVE-2025-62215 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Nov. 14, 2025
Action Type Old Value New Value Added Date Added 2025-11-12 Added Due Date 2025-12-03 Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Added Vulnerability Name Microsoft Windows Race Condition Vulnerability -
Initial Analysis by [email protected]
Nov. 12, 2025
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.8027 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.8027 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.6575 *cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22631.6199 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.7092 *cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26200.7092 *cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.7092 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1965 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.4346 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.8027 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.6575 Added Reference Type Microsoft Corporation: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215 Types: Vendor Advisory Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-62215 Types: US Government Resource -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Nov. 12, 2025
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-62215 -
New CVE Received by [email protected]
Nov. 11, 2025
Action Type Old Value New Value Added Description Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. Added CVSS V3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-362 Added CWE CWE-415 Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215