CVE-2025-59196

HIGH

Microsoft Windows 10 1507 < 10.0.10240.21161 - Race Condition

Title source: rule

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

References (1)

Scores

CVSS v3 7.0
EPSS 0.0008
EPSS Percentile 22.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-362 CWE-416
Status published

Affected Products (22)

microsoft/windows_10_1507 < 10.0.10240.21161
microsoft/windows_10_1507 < 10.0.10240.21161
microsoft/windows_10_1607 < 10.0.14393.8519
microsoft/windows_10_1607 < 10.0.14393.8519
microsoft/windows_10_1809 < 10.0.17763.7919
microsoft/windows_10_1809 < 10.0.17763.7919
microsoft/windows_10_21h2 < 10.0.19044.6456
microsoft/windows_10_22h2 < 10.0.19045.6456
microsoft/windows_11_22h2 < 10.0.22621.6060
microsoft/windows_11_23h2 < 10.0.22631.6060
microsoft/windows_11_24h2 < 10.0.26100.6899
microsoft/windows_11_25h2 < 10.0.26200.6899
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
... and 7 more

Timeline

Published Oct 14, 2025
Tracked Since Feb 18, 2026