CVE-2025-49690
published 2025-07-08CVE-2025-49690: Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an…
PriorityP342high7.4CVSS 3.1
AVLACHPRNUINSUCHIHAH
EPSS
0.25%
15.8th percentile
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.7558 | 10.0.17763.7558 |
| microsoft | windows_10_21h2 | < 10.0.19044.6093 | 10.0.19044.6093 |
| microsoft | windows_10_22h2 | < 10.0.19045.6093 | 10.0.19045.6093 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.7558 | 10.0.17763.7558 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.6093 | 10.0.19044.6093 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.6093 | 10.0.19045.6093 |
| microsoft | windows_11_22h2 | < 10.0.22621.5624 | 10.0.22621.5624 |
| microsoft | windows_11_23h2 | < 10.0.22631.5624 | 10.0.22631.5624 |
| microsoft | windows_11_24h2 | < 10.0.26100.4652 | 10.0.26100.4652 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.5624 | 10.0.22621.5624 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5624 | 10.0.22631.5624 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5624 | 10.0.22631.5624 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.4652 | 10.0.26100.4652 |
| microsoft | windows_server_2019 | < 10.0.17763.7558 | 10.0.17763.7558 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7558 | 10.0.17763.7558 |
| microsoft | windows_server_2022 | < 10.0.20348.3932 | 10.0.20348.3932 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.3932 | 10.0.20348.3932 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1732 | 10.0.25398.1732 |
| microsoft | windows_server_2025 | < 10.0.26100.4652 | 10.0.26100.4652 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.4652 | 10.0.26100.4652 |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
CVSS provenance
nvdv3.17.4HIGHCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.4HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8p5q-pxrp-9p6g: Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an
ghsa_unreviewed·2025-07-08
CVE-2025-49690 [HIGH] CWE-362 GHSA-8p5q-pxrp-9p6g: Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.
Microsoft
Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
vendor_msrc·2025-07-08·CVSS 7.4
CVE-2025-49690 [HIGH] CWE-362 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Capability Access Management Service (camsvc): Capability Access Management Service (camsvc)
Micros
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-07-08
Published