CVE-2025-49743

Опубликовано: 12 авг. 2025

Источник: msrc

CVSS3: 6.7

EPSS Низкий

Описание

Windows Graphics Component Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

FAQ

According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?

An authorized attacker with privileges could send controlled inputs to exploit this vulnerability.

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	5063888 5063948	MonthlyRollup SecurityOnly
Windows Server 2008 for x64-based Systems Service Pack 2	5063888 5063948	MonthlyRollup SecurityOnly
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	5063888 5063948	MonthlyRollup SecurityOnly
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5063947 5063927	MonthlyRollup SecurityOnly
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5063947 5063927	MonthlyRollup SecurityOnly
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	5063888 5063948	MonthlyRollup SecurityOnly
Windows Server 2012	5063906	MonthlyRollup
Windows Server 2012 (Server Core installation)	5063906	MonthlyRollup
Windows Server 2012 R2	5063950	MonthlyRollup
Windows Server 2012 R2 (Server Core installation)	5063950	MonthlyRollup

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation More Likely

DOS

N/A

EPSS

Процентиль: 15%

0.00049

Низкий

6.7 Medium

CVSS3

Связанные уязвимости

CVE-2025-49743

CVSS3: 6.7

nvd

1 день назад

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

GHSA-h9r7-vqrg-9f4w

CVSS3: 6.7

github

1 день назад

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

EPSS

Процентиль: 15%

0.00049

Низкий

6.7 Medium

CVSS3