Detections
Analytics

CVE-2025-62215

high

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

From the Tenable Blog

Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)
Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)

Published: 2025-11-11

CVE-2025-62215 Windows Kernel vulnerability exploited in the wild as zero-day, one of 63 CVEs patched in the November 2025 Patch Tuesday release.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62215

https://www.securityweek.com/critical-watchguard-firebox-vulnerability-exploited-in-attacks/

https://www.helpnetsecurity.com/2025/11/13/cisa-directive-cve-2025-20333-cve-2025-20362/

https://www.bleepingcomputer.com/news/security/cisa-warns-of-watchguard-firewall-flaw-exploited-in-attacks/

https://thehackernews.com/2025/11/cisa-flags-critical-watchguard-fireware.html

https://securityaffairs.com/184573/security/u-s-cisa-adds-watchguard-firebox-microsoft-windows-and-gladinet-triofox-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://www.infosecurity-magazine.com/news/microsoft-windows-kernel-zero-day/

https://www.helpnetsecurity.com/2025/11/12/patch-tuesday-microsoft-cve-2025-62215/

https://www.cisa.gov/news-events/alerts/2025/11/12/cisa-adds-three-known-exploited-vulnerabilities-catalog

https://thehackernews.com/2025/11/microsoft-fixes-63-security-flaws.html

https://securityaffairs.com/184507/security/microsoft-patch-tuesday-updates-for-november-2025-fixed-an-actively-exploited-windows-kernel-bug.html

https://www.securityweek.com/microsoft-patches-actively-exploited-windows-kernel-zero-day/

https://cyberscoop.com/microsoft-patch-tuesday-november-2025/

https://www.tenable.com/blog/microsofts-november-2025-patch-tuesday-addresses-63-cves-cve-2025-62215

https://www.tenable.com/blog/frequently-asked-questions-about-the-august-2025-f5-security-incident

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-62215

Details

Source: Mitre, NVD

Published: 2025-11-11

Updated: 2025-11-14

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00049