CVE-2025-59200

CWE-73CWE-362Race Condition4 documents4 sources
Severity
7.7HIGH
EPSS
0.1%
top 83.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
27
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+24 more
Timeline
PublishedOct 14

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:LExploitability: 1.8 | Impact: 5.3

Affected Packages27 packages

NVDmicrosoft/windows< 10.0.17763.7919+3
NVDmicrosoft/windows_10_1507< 10.0.10240.21161
NVDmicrosoft/windows_10_1607< 10.0.14393.8519
NVDmicrosoft/windows_10_1809< 10.0.17763.7919
NVDmicrosoft/windows_10_21h2< 10.0.19044.6456

🔴Vulnerability Details

2
CVEList
Data Sharing Service Spoofing Vulnerability2025-10-14
GHSA
GHSA-vm24-7qxh-j889: Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized atta2025-10-14

📋Vendor Advisories

1
Microsoft
Data Sharing Service Spoofing Vulnerability2025-10-14
CVE-2025-59200 (HIGH CVSS 7.7) | Concurrent execution using shared r | cvebase.io