CVE-2025-54913

CVE Database · CVE-2025-54913

CVE-2025-54913

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

0.27%

Published

Sep 9, 2025

Modified

Oct 2, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-362CWE-416

Affected Products (16)

microsoft · windows_10_1507 (up to 10.0.10240.21128)vulnerable

microsoft · windows_10_1607 (up to 10.0.14393.8422)vulnerable

microsoft · windows_10_1809 (up to 10.0.17763.7792)vulnerable

microsoft · windows_10_21h2 (up to 10.0.19044.6332)vulnerable

microsoft · windows_10_22h2 (up to 10.0.19045.6332)vulnerable

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54913

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs