CVE-2025-59507

Опубликовано: 11 нояб. 2025

Источник: msrc

CVSS3: 7

Описание

Windows Speech Runtime Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.

Обновления

Продукт	Статья	Обновление
Windows Server 2016	5068864	Security Update
Windows 10 Version 1607 for 32-bit Systems	5068864	Security Update
Windows 10 Version 1607 for x64-based Systems	5068864	Security Update
Windows Server 2016 (Server Core installation)	5068864	Security Update
Windows 10 Version 1809 for 32-bit Systems	5068791	Security Update
Windows 10 Version 1809 for x64-based Systems	5068791	Security Update
Windows Server 2019	5068791	Security Update
Windows Server 2019 (Server Core installation)	5068791	Security Update
Windows Server 2022	5068787 5068840	Security Update Security Hotpatch Update
Windows Server 2022 (Server Core installation)	5068787 5068840	Security Update Security Hotpatch Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Unlikely

7 High

CVSS3

Связанные уязвимости

GHSA-wvpj-27hh-g2m4

CVSS3: 7

github

около 22 часов назад

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.

7 High

CVSS3