CVE-2025-54114

Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 160710.0.14393.0 < 10.0.14393.8422affected
MicrosoftWindows 10 Version 21H210.0.19044.0 < 10.0.19044.6332affected
MicrosoftWindows 10 Version 22H210.0.19045.0 < 10.0.19045.6332affected
MicrosoftWindows 11 version 22H210.0.22621.0 < 10.0.22621.5909affected
MicrosoftWindows 11 version 22H310.0.22631.0 < 10.0.22631.5909affected
MicrosoftWindows 11 Version 23H210.0.22631.0 < 10.0.22631.5909affected
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.6584affected
MicrosoftWindows Server 201610.0.14393.0 < 10.0.14393.8422affected
MicrosoftWindows Server 2016 (Server Core installation)10.0.14393.0 < 10.0.14393.8422affected
MicrosoftWindows Server 202210.0.20348.0 < 10.0.20348.4171affected
MicrosoftWindows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 < 10.0.25398.1849affected
MicrosoftWindows Server 202510.0.26100.0 < 10.0.26100.6584affected
MicrosoftWindows Server 2025 (Server Core installation)10.0.26100.0 < 10.0.26100.6584affected

Weaknesses

  • CWE-362: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • CWE-822: CWE-822: Untrusted Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References