cbcvebase.
CVE-2025-64658
published 2025-12-09

CVE-2025-64658: Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate…

high7.5CVSS 3.1
AVLACHPRLUIRSCCHIHAH
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.

Affected

30 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows_10_1809< 10.0.17763.814610.0.17763.8146
microsoftwindows_10_21h2< 10.0.19044.669110.0.19044.6691
microsoftwindows_10_22h2< 10.0.19045.669110.0.19045.6691
microsoftwindows_10_version_1809>= 10.0.17763.0 < 10.0.17763.814610.0.17763.8146
microsoftwindows_10_version_21h2>= 10.0.19044.0 < 10.0.19044.669110.0.19044.6691
microsoftwindows_10_version_22h2>= 10.0.19045.0 < 10.0.19045.669110.0.19045.6691
microsoftwindows_11_23h2< 10.0.22631.634510.0.22631.6345
microsoftwindows_11_24h2< 10.0.26100.739210.0.26100.7392
microsoftwindows_11_25h2< 10.0.26200.739210.0.26200.7392
microsoftwindows_11_version_22h3>= 10.0.22631.0 < 10.0.22631.634510.0.22631.6345
microsoftwindows_11_version_23h2>= 10.0.22631.0 < 10.0.22631.634510.0.22631.6345
microsoftwindows_11_version_24h2>= 10.0.26100.0 < 10.0.26100.746210.0.26100.7462
microsoftwindows_11_version_25h2>= 10.0.26200.0 < 10.0.26200.746210.0.26200.7462
microsoftwindows_server_2019< 10.0.17763.814610.0.17763.8146
microsoftwindows_server_2019>= 10.0.17763.0 < 10.0.17763.814610.0.17763.8146
microsoftwindows_server_2022< 10.0.20348.446710.0.20348.4467
microsoftwindows_server_2022>= 10.0.20348.0 < 10.0.20348.452910.0.20348.4529
microsoftwindows_server_2022_23h2< 10.0.25398.202510.0.25398.2025
microsoftwindows_server_2025< 10.0.26100.739210.0.26100.7392
microsoftwindows_server_2025>= 10.0.26100.0 < 10.0.26100.746210.0.26100.7462
msrcwindows_10_version_1809
msrcwindows_10_version_21h2
msrcwindows_10_version_22h2
msrcwindows_11_version_23h2
msrcwindows_11_version_24h2