CVE-2025-55236
published 2025-09-09CVE-2025-55236: Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_10_21h2 | < 10.0.19044.6332 | 10.0.19044.6332 |
| microsoft | windows_10_22h2 | < 10.0.19045.6332 | 10.0.19045.6332 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.6332 | 10.0.19044.6332 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.6332 | 10.0.19045.6332 |
| microsoft | windows_11_22h2 | < 10.0.22621.5909 | 10.0.22621.5909 |
| microsoft | windows_11_23h2 | < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_24h2 | < 10.0.26100.6508 | 10.0.26100.6508 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.5909 | 10.0.22621.5909 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.6584 | 10.0.26100.6584 |
| microsoft | windows_server_2019 | < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7792 | 10.0.17763.7792 |
| microsoft | windows_server_2022 | < 10.0.20348.4106 | 10.0.20348.4106 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4171 | 10.0.20348.4171 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1849 | 10.0.25398.1849 |
| microsoft | windows_server_2025 | < 10.0.26100.6508 | 10.0.26100.6508 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.6584 | 10.0.26100.6584 |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
GHSA
GHSA-6qph-w3p3-9cv3: Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally
ghsa_unreviewed·2025-09-09
CVE-2025-55236 [HIGH] CWE-367 GHSA-6qph-w3p3-9cv3: Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally
Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.
Microsoft
Graphics Kernel Remote Code Execution Vulnerability
vendor_msrc·2025-09-09·CVSS 7.3
CVE-2025-55236 [HIGH] CWE-367 Graphics Kernel Remote Code Execution Vulnerability
Graphics Kernel Remote Code Execution Vulnerability
Description: Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?
An authorized
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days
blogs_bleepingcomputer·2025-09-09·CVSS 8.8
[HIGH] Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days
## Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days
## Lawrence Abrams
41 Elevation of Privilege Vulnerabilities
2 Security Feature Bypass Vulnerabilities
22 Remote Code Execution Vulnerabilities
16 Information Disclosure Vulnerabilities
3 Denial of Service Vulnerabilities
1 Spoofing Vulnerabilities
When BleepingComputer reports on the Patch Tuesday security updates, we only count those released on Patch Tuesday.
Therefore, the number of flaws does not include three Azure, one Dynamics 365 FastTrack Implementation Assets, two Mariner, five Microsoft Edge, and 1 Xbox vulnerabilities fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5065426 & KB5065431 cumulative updat
Talos
Microsoft Patch Tuesday for September 2025 – Snort rules and prominent vulnerabilities
blogs_talos·2025-09-09·CVSS 4.8
[MEDIUM] Microsoft Patch Tuesday for September 2025 – Snort rules and prominent vulnerabilities
## Microsoft Patch Tuesday for September 2025 – Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products.
In this month’s release, Microsoft observed none of the included vulnerabilities being exploited in the wild. However, there are eight vulnerabilities where exploitation may be likely. Five consist of elevation of privileges, two may result in information disclosure and only one, CVE-2025-54916, is a remote code execution (RCE) vulnerability.
CVE-2025-54916 is an RCE vulnerability caused by a stack-buffer overflow in Windows NTFS that allows an authorized attacker to execute code over the network. Microsoft has noted that this vulnerability affects different versio
Qualys
Microsoft and Adobe Patch Tuesday, September 2025 Security Update Review
blogs_qualys·2025-09-09
Microsoft and Adobe Patch Tuesday, September 2025 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for September 2025
Adobe Patches for September 2025
Zero-day Vulnerabilities Patched in September Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in September Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response with TruRisk Eliminate
Automating Risk Elimination and Accelerating Response: Meet Agent Sara
EVALUATE Vendor-Suggested Mitigation withPolicy Audit
Qualys Monthly Webinar Series
It’s the second Tuesday of September, and Microsoft has rolled out its latest security updates. Microsoft’s September 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes
Talos
Microsoft Patch Tuesday for September 2025 – Snort rules and prominent vulnerabilities
blogs_talos·2025-09-09·CVSS 4.8
CVE-2025-54916 [MEDIUM] Microsoft Patch Tuesday for September 2025 – Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products.
In this month’s release, Microsoft observed none of the included vulnerabilities being exploited in the wild. However, there are eight vulnerabilities where exploitation may be likely. Five consist of elevation of privileges, two may result in information disclosure and only one, CVE-2025-54916, is a remote code execution (RCE) vulnerability.
CVE-2025-54916 is an RCE vulnerability caused by a stack-buffer overflow in Windows NTFS that allows an authorized attacker to execute code over the network. Microsoft has noted that this vulnerability affects different versions of Windows 10, 11, Server 2008, 2012, 2016, 2019, 2022 and 2025.
CVE-2025-54910 is an R
Qualys
Microsoft and Adobe Patch Tuesday, September 2025 Security Update Review | Qualys
blogs_qualys·2025-09-09
Microsoft and Adobe Patch Tuesday, September 2025 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for September 2025
- Adobe Patches for September 2025
- Zero-day Vulnerabilities Patched in September Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in September Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response with TruRisk Eliminate
- Automating Risk Elimination and Accelerating Response: Meet Agent Sara
- EVALUATE Vendor-Suggested Mitigation withPolicy Audit
- Qualys Monthly Webinar Series
It’s the second Tuesday of September, and Microsoft has rolled out its latest security updates. Microsoft’s September 2025 Patch Tuesday has arrived, bringing a fresh wave of s
Crowdstrike
September 2025 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] September 2025 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2025-09-09
Published