CVE-2025-29841

Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 21H210.0.19044.0 < 10.0.19044.5854affected
MicrosoftWindows 10 Version 22H210.0.19045.0 < 10.0.19045.5854affected
MicrosoftWindows 11 version 22H210.0.22621.0 < 10.0.22621.5335affected
MicrosoftWindows 11 version 22H310.0.22631.0 < 10.0.22631.5335affected
MicrosoftWindows 11 Version 23H210.0.22631.0 < 10.0.22631.5335affected
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.4061affected
MicrosoftWindows Server 202210.0.20348.0 < 10.0.20348.3692affected
MicrosoftWindows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 < 10.0.25398.1611affected
MicrosoftWindows Server 202510.0.26100.0 < 10.0.26100.4061affected
MicrosoftWindows Server 2025 (Server Core installation)10.0.26100.0 < 10.0.26100.4061affected

Weaknesses

  • CWE-362: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • CWE-416: CWE-416: Use After Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References