CVE-2025-54913

HIGH

Microsoft Windows 10 1507 < 10.0.10240.21128 - Race Condition

Title source: rule

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.

References (1)

Scores

CVSS v3 7.8
EPSS 0.0003
EPSS Percentile 10.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Classification

CWE
CWE-362 CWE-416
Status published

Affected Products (16)

microsoft/windows_10_1507 < 10.0.10240.21128
microsoft/windows_10_1507 < 10.0.10240.21128
microsoft/windows_10_1607 < 10.0.14393.8422
microsoft/windows_10_1607 < 10.0.14393.8422
microsoft/windows_10_1809 < 10.0.17763.7792
microsoft/windows_10_1809 < 10.0.17763.7792
microsoft/windows_10_21h2 < 10.0.19044.6332
microsoft/windows_10_22h2 < 10.0.19045.6332
microsoft/windows_11_22h2 < 10.0.22621.5909
microsoft/windows_11_23h2 < 10.0.22631.5909
microsoft/windows_11_24h2 < 10.0.26100.6508
microsoft/windows_server_2016 < 10.0.14393.8422
microsoft/windows_server_2019 < 10.0.17763.7792
microsoft/windows_server_2022 < 10.0.20348.4106
microsoft/windows_server_2022_23h2 < 10.0.25398.1849
... and 1 more

Timeline

Published Sep 09, 2025
Tracked Since Feb 18, 2026