CVE-2025-59220Race Condition in Microsoft Windows 10 Version 21h2

CWE-362Race ConditionCWE-416Use After Free4 documents4 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 94.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Microsoft Windows 10 Version 21h2Microsoft Windows 10 Version 22h2Microsoft Windows 11 Version 22h2+11 more
Timeline
PublishedSep 18
Latest updateSep 19

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages14 packages

NVDmicrosoft/windows< 10.0.20348.4106+2
NVDmicrosoft/windows_10_21h2< 10.0.19044.6332
NVDmicrosoft/windows_10_22h2< 10.0.19045.6332
NVDmicrosoft/windows_11_22h2< 10.0.22621.5909
NVDmicrosoft/windows_11_23h2< 10.0.22631.5909

🔴Vulnerability Details

2
GHSA
GHSA-pxgp-hqj6-728f: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker2025-09-19
CVEList
Windows Bluetooth Service Elevation of Privilege Vulnerability2025-09-18

📋Vendor Advisories

1
Microsoft
Windows Bluetooth Service Elevation of Privilege Vulnerability2025-09-09
CVE-2025-59220 — Race Condition in Microsoft | cvebase