Microsoft has assigned CVE-2025-62215 to a new Windows Kernel elevation-of-privilege flaw that is being actively exploited in the wild.
Published on November 11, 2025, the vulnerability is rated Important and is tracked as an elevation-of-privilege issue in the kernel.
Microsoft’s exploitability index lists “Exploitation Detected,” indicating real-world use despite the absence of public disclosure.
CVE-2025-62215 stems from concurrent execution of code that uses a shared resource without proper synchronization, a classic race condition vulnerability aligned with CWE-362.
The flaw also involves improper memory management, creating a double-free scenario that allows attackers to escalate privileges when successfully exploited.
Successful exploitation requires an attacker to win a race condition, making the CVSS Attack Complexity rating High.
However, when the timing aligns correctly, the vulnerability grants the attacker SYSTEM-level privileges.
The flaw is local and requires an already authorized attacker, making it a classic post-compromise privilege escalation used to deepen control, disable defenses, and move laterally through networks.
While the technical specifics remain limited, the combination of a race condition and a double free suggests a timing-sensitive memory corruption path in kernel code.
This profile is consistent with techniques favored by both targeted threat actors and ransomware operators to elevate privileges after initial access via phishing, driver abuse, or application exploits.
Microsoft notes that exploitation is more likely due to its active use in the wild, potentially allowing threat actors to gain higher access on affected Windows systems.
No workaround exists beyond installing the update, and security experts recommend immediate deployment on all supported versions.

| Windows Version | Affected | Fixed KB Number | Release Date | Notes |
|---|---|---|---|---|
| Windows 10 (various builds, including ESU) | Yes | KB5068858 | November 12, 2025 | All supported editions affected; ESU required for post-support patching. |
| Windows 11 version 22H2 | Yes | KB5068865 | November 12, 2025 | Core kernel component; immediate patching recommended. |
| Windows 11 version 23H2 | Yes | KB5068862 | November 12, 2025 | Includes security and quality fixes addressing the race condition. |
| Windows 11 version 24H2 | Yes | KB5068861 | November 12, 2025 | Latest feature update; exploitation detected pre-patch. |
| Windows Server 2019 | Yes | KB5068859 | November 12, 2025 | Server environments at higher risk due to privilege escalation potential. |
| Windows Server 2022 | Yes | KB5068860 | November 12, 2025 | Applies to domain controllers and file servers; monitor for updates. |
| Windows Server 2025 | Yes | KB5068861 | November 12, 2025 | New server OS; aligns with Windows 11 24H2 patching. |

Given that exploitation has been detected but no public proof-of-concept is available, expect continued targeted use.
Organizations should treat CVE-2025-62215 as a priority for rapid patching and detection engineering, with special attention to servers, jump hosts, and administrative workstations.
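
One way to check a single host against the table above, as an added example that is not from Microsoft or the original article: it maps the running OS to the table's KB number and reports whether that update is present. The function name and the build-number-to-version mapping are assumptions of this example; because Windows cumulative updates supersede one another, a missing KB is flagged for review rather than treated as proof the host is unpatched.

```powershell
# Added example. KB numbers are taken from the article's table; the function
# name and the build-number mapping are assumptions of this example.
function Test-Cve202562215Patch {
    [CmdletBinding()]
    param()

    $os       = Get-CimInstance -ClassName Win32_OperatingSystem
    $build    = [int]$os.BuildNumber
    $isServer = $os.ProductType -ne 1      # 1 = workstation, 2 = DC, 3 = member server

    # Map the running OS to the fixing KB listed in the table.
    $expectedKb = if ($isServer) {
        switch ($build) {
            17763 { 'KB5068859' }          # Windows Server 2019
            20348 { 'KB5068860' }          # Windows Server 2022
            26100 { 'KB5068861' }          # Windows Server 2025
        }
    } else {
        switch ($build) {
            { $_ -ge 10240 -and $_ -lt 22000 } { 'KB5068858' }   # Windows 10 client builds
            22621 { 'KB5068865' }          # Windows 11 22H2
            22631 { 'KB5068862' }          # Windows 11 23H2
            26100 { 'KB5068861' }          # Windows 11 24H2
        }
    }

    # UBR is the update build revision; it rises with every cumulative update.
    $ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR

    $status = if (-not $expectedKb) {
        'OS build not covered by the table'
    } elseif (Get-HotFix -Id $expectedKb -ErrorAction SilentlyContinue) {
        'Installed'
    } else {
        # A later cumulative update replaces this KB, so absence needs review.
        'Not found; confirm a later cumulative update is installed'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Caption      = $os.Caption
        Build        = "$build.$ubr"
        ExpectedKB   = $expectedKb
        Status       = $status
    }
}

Test-Cve202562215Patch
```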