CVE-2025-62218

Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 160710.0.14393.0 < 10.0.14393.8594affected
MicrosoftWindows 10 Version 180910.0.17763.0 < 10.0.17763.8027affected
MicrosoftWindows 10 Version 21H210.0.19044.0 < 10.0.19044.6575affected
MicrosoftWindows 10 Version 22H210.0.19045.0 < 10.0.19045.6575affected
MicrosoftWindows 11 version 22H310.0.22631.0 < 10.0.22631.6199affected
MicrosoftWindows 11 Version 23H210.0.22631.0 < 10.0.22631.6199affected
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.7171affected
MicrosoftWindows 11 Version 25H210.0.26200.0 < 10.0.26200.7171affected

Weaknesses

  • CWE-362: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References