⚠ Actively exploited

Added to CISA KEV on 2025-11-12. Federal agencies required to patch by 2025-12-03. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2025-62215 — Race Condition in Microsoft Windows 10 Version 1809

CWE-362 — Race Condition CWE-415 — Double Free20 documents15 sources

Severity

7.0HIGHNVD

EPSS

2.4%

top 15.01%

CISA KEV

KEV

Added 2025-11-12

Due 2025-12-03

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 10 Version 1809 Microsoft Windows 10 Version 21h2 Microsoft Windows 10 Version 22h2 +14 more

Timeline

PublishedNov 11

KEV addedNov 12

KEV dueDec 3

Latest updateApr 6

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages17 packages

▶NVDmicrosoft/windows< 10.0.17763.8027+3

▶NVDmicrosoft/windows_10_1809< 10.0.17763.8027

▶NVDmicrosoft/windows_10_21h2< 10.0.19044.6575

▶NVDmicrosoft/windows_10_22h2< 10.0.19045.6575

▶NVDmicrosoft/windows_11_23h2< 10.0.22631.6199

🔴Vulnerability Details

CVEList

Windows Kernel Elevation of Privilege Vulnerability↗2025-11-11

▶

GHSA

GHSA-hr5f-g8f8-p354: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate↗2025-11-11

▶

VulnCheck

Microsoft Windows Race Condition Vulnerability↗2025

▶

💥Exploits & PoCs

Exploit-DB

Windows Kernel - Elevation of Privilege↗2026-04-06

▶

📋Vendor Advisories

CISA

Microsoft Windows Race Condition Vulnerability↗2025-11-12

▶

Microsoft

Windows Kernel Elevation of Privilege Vulnerability↗2025-11-11

▶

🕵️Threat Intelligence

Recorded Future

November 2025 CVE Landscape: 10 Critical Vulnerabilities Show 69% Drop from October↗2025-12-09

▶

Krebs

Microsoft Patch Tuesday, November 2025 Edition↗2025-11-16

▶

Krebs

Microsoft Patch Tuesday, November 2025 Edition↗2025-11-16

▶

Bleepingcomputer

CISA warns of WatchGuard firewall flaw exploited in attacks↗2025-11-13

▶

Qualys

Microsoft Patch Tuesday, November 2025 Security Update Review | Qualys↗2025-11-11

▶