CVE-2025-62469

Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 11 Version 24H210.0.26100.0 < 10.0.26100.7462affected
MicrosoftWindows 11 Version 25H210.0.26200.0 < 10.0.26200.7462affected
MicrosoftWindows Server 202510.0.26100.0 < 10.0.26100.7462affected
MicrosoftWindows Server 2025 (Server Core installation)10.0.26100.0 < 10.0.26100.7462affected

Weaknesses

  • CWE-362: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • CWE-415: CWE-415: Double Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References