CVE-2025-54919
Published 2025-09-09
High · 7.5 · CVSS 3.1
AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_10_21h2 | < 10.0.19044.6332 | 10.0.19044.6332 |
| microsoft | windows_10_22h2 | < 10.0.19045.6332 | 10.0.19045.6332 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.6332 | 10.0.19044.6332 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.6332 | 10.0.19045.6332 |
| microsoft | windows_11_22h2 | < 10.0.22621.5909 | 10.0.22621.5909 |
| microsoft | windows_11_23h2 | < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_24h2 | < 10.0.26100.6508 | 10.0.26100.6508 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.5909 | 10.0.22621.5909 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.6584 | 10.0.26100.6584 |
| microsoft | windows_server_2019 | < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_server_2022 | < 10.0.20348.4106 | 10.0.20348.4106 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4171 | 10.0.20348.4171 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1849 | 10.0.25398.1849 |
| microsoft | windows_server_2025 | < 10.0.26100.6508 | 10.0.26100.6508 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.6584 | 10.0.26100.6584 |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
GHSA
GHSA-m7r4-9w8p-hfx4
ghsa_unreviewed · 2025-09-09
CVE-2025-54919 [HIGH] CWE-362
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
Microsoft
Windows Graphics Component Remote Code Execution Vulnerability
vendor_msrc · 2025-09-09 · CVSS 7.5
CVE-2025-54919 [HIGH] CWE-362
Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution enviro
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days
blogs_bleepingcomputer · 2025-09-09 · CVSS 8.8 · [HIGH]
Author: Lawrence Abrams
- 41 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 22 Remote Code Execution Vulnerabilities
- 16 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 1 Spoofing Vulnerabilities
When BleepingComputer reports on the Patch Tuesday security updates, we only count those released on Patch Tuesday.
Therefore, the number of flaws does not include three Azure, one Dynamics 365 FastTrack Implementation Assets, two Mariner, five Microsoft Edge, and 1 Xbox vulnerabilities fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5065426 & KB5065431 cumulative updat
Qualys
Microsoft and Adobe Patch Tuesday, September 2025 Security Update Review
blogs_qualys · 2025-09-09
It’s the second Tuesday of September, and Microsoft has rolled out its latest security updates. Microsoft’s September 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes