CVE-2025-55687

HIGH

Windows ReFS - Privilege Escalation

Title source: llm

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally.

References (1)

Scores

CVSS v3 7.4
EPSS 0.0008
EPSS Percentile 22.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-362 CWE-416
Status published

Affected Products (16)

microsoft/windows_10_1507 < 10.0.10240.21161
microsoft/windows_10_1607 < 10.0.14393.8519
microsoft/windows_10_1809 < 10.0.17763.7919
microsoft/windows_10_21h2 < 10.0.19044.6456
microsoft/windows_10_22h2 < 10.0.19045.6456
microsoft/windows_11_22h2 < 10.0.22621.6060
microsoft/windows_11_23h2 < 10.0.22631.6060
microsoft/windows_11_24h2 < 10.0.26100.6899
microsoft/windows_11_25h2 < 10.0.26200.6899
microsoft/windows_server_2012
microsoft/windows_server_2012
microsoft/windows_server_2016 < 10.0.14393.8519
microsoft/windows_server_2019 < 10.0.17763.7919
microsoft/windows_server_2022 < 10.0.20348.4294
microsoft/windows_server_2022_23h2 < 10.0.25398.1913
... and 1 more

Timeline

Published Oct 14, 2025
Tracked Since Feb 18, 2026