Cyber Posture

CVE-2025-62215

High · CISA KEV · Active Exploitation

Published: 11 November 2025

Modified: 14 November 2025
KEV Added: 12 November 2025
Patch
CVSS Score: 7.0 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0237 (85.1th percentile)
Risk Priority: 35 (60% EPSS · 20% KEV · 20% CVSS)

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly mitigates the CVE by requiring timely installation of Microsoft patches that remediate the race condition and double free in the Windows Kernel.

prevent

Prevents unauthorized information transfer via shared kernel resources, directly addressing the improper synchronization in concurrent access that enables the race condition.

prevent

Limits the potential impact of local privilege escalation by enforcing least privilege for low-privilege attackers attempting to trigger the kernel vulnerability.

Security Summary [AI]

CVE-2025-62215 is a race condition vulnerability (CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition); CWE-415: Double Free) in the Windows Kernel. Published on 2025-11-11T18:15:48.920, it carries a CVSS v3.1 base score of 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). The flaw arises from improper synchronization during concurrent access to a shared resource in the kernel, enabling local privilege escalation for authorized attackers.

A local attacker with low privileges (PR:L) can exploit this vulnerability by triggering the race condition; exploitation has high attack complexity (AC:H) and requires no user interaction (UI:N). Successful exploitation has a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) with scope unchanged (S:U), typically resulting in elevated privileges on the affected Windows system.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215 details patches and mitigation steps. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-62215, signaling active real-world exploitation.

Details

CWE(s): CWE-362, CWE-415
KEV Date Added: 12 November 2025

Affected Products

microsoft windows 10 1809: ≤ 10.0.17763.8027 · ≤ 10.0.17763.8027
microsoft windows 10 21h2: ≤ 10.0.19044.6575
microsoft windows 10 22h2: ≤ 10.0.19045.6575
microsoft windows 11 23h2: ≤ 10.0.22631.6199
microsoft windows 11 24h2: ≤ 10.0.26100.7092
microsoft windows 11 25h2: ≤ 10.0.26200.7092
microsoft windows server 2019: ≤ 10.0.17763.8027
microsoft windows server 2022: ≤ 10.0.20348.4346
microsoft windows server 2022 23h2: ≤ 10.0.25398.1965
microsoft windows server 2025: ≤ 10.0.26100.7092

MITRE ATT&CK Enterprise Techniques [AI]

T1068: Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CVE-2025-62215 is a Windows Kernel race condition (CWE-362) and double free (CWE-415) vulnerability explicitly enabling local privilege escalation from low privileges, directly mapping to T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
