CVE-2025-29841Race Condition in Microsoft Windows 10 Version 21h2

CWE-362Race ConditionCWE-416Use After Free9 documents7 sources
Severity
7.0HIGHNVD
EPSS
0.3%
top 51.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Microsoft Windows 10 Version 21h2Microsoft Windows 10 Version 22h2Microsoft Windows 11 Version 22h2+11 more
Timeline
PublishedMay 13

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages14 packages

NVDmicrosoft/windows< 10.0.20348.3692+2
NVDmicrosoft/windows_10_21h2< 10.0.19044.5854
NVDmicrosoft/windows_10_22h2< 10.0.19045.5854
NVDmicrosoft/windows_11_22h2< 10.0.22621.5335
NVDmicrosoft/windows_11_23h2< 10.0.22631.5335

🔴Vulnerability Details

2
CVEList
Universal Print Management Service Elevation of Privilege Vulnerability2025-05-13
GHSA
GHSA-88m4-xjxp-h8hj: Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized2025-05-13

📋Vendor Advisories

1
Microsoft
Universal Print Management Service Elevation of Privilege Vulnerability2025-05-13

🕵️Threat Intelligence

5
Qualys
Microsoft and Adobe Patch Tuesday, May 2025 Security Update Review2025-05-13
Qualys
Microsoft and Adobe Patch Tuesday, May 2025 Security Update Review | Qualys2025-05-13
Talos
Microsoft Patch Tuesday for May 2025 — Snort rules and prominent vulnerabilities2025-05-13
Talos
Microsoft Patch Tuesday for May 2025 — Snort rules and prominent vulnerabilities2025-05-13
Bleepingcomputer
Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws2025-05-13
CVE-2025-29841 — Race Condition in Microsoft | cvebase