Microsoft has assigned CVE-2025-62215 to a new Windows Kernel elevation of privilege flaw that is being actively exploited in the wild.
Published on November 11, 2025, the vulnerability is rated Important and tracked as an elevation of privilege issue in the kernel. Microsoft’s exploitability index lists “Exploitation Detected,” indicating real-world use despite the absence of public disclosure.
CVE-2025-62215 stems from concurrent execution using a shared resource with improper synchronization, aligning with CWE-362 (race condition), and is also associated with CWE-415 (double free).
Successful exploitation requires an attacker to win a race condition (CVSS Attack Complexity: High), but when it lands, it can grant SYSTEM privileges.
The flaw is local and requires an already authorized attacker, making it a classic post-compromise privilege escalation used to deepen control, disable defenses, and move laterally.
While technical specifics remain limited, the combination of race condition and double free suggests a timing-sensitive memory corruption path in kernel code.
This profile is consistent with techniques favored by both targeted threat actors and ransomware operators to elevate privileges after initial access via phishing, driver abuse, or application exploits.
| Windows Version | Affected | Fixed KB Number | Release Date | Notes |
|---|---|---|---|---|
| Windows 10 (various builds, including ESU) | Yes | KB5068858 (example for 22H2) | November 12, 2025 | All supported editions affected; ESU required for post-support patching. |
| Windows 11 version 22H2 | Yes | KB5068865 | November 12, 2025 | Core kernel component; immediate patching recommended. |
| Windows 11 version 23H2 | Yes | KB5068862 | November 12, 2025 | Includes security and quality fixes addressing the race condition. |
| Windows 11 version 24H2 | Yes | KB5068861 | November 12, 2025 | Latest feature update; exploitation detected pre-patch. |
| Windows Server 2019 | Yes | KB5068859 | November 12, 2025 | Server environments at higher risk due to privilege escalation potential. |
| Windows Server 2022 | Yes | KB5068860 | November 12, 2025 | Applies to domain controllers and file servers; monitor for updates. |
| Windows Server 2025 | Yes | KB5068861 | November 12, 2025 | New server OS; aligns with Windows 11 24H2 patching. |
Given that exploitation has been detected but no public proof-of-concept is available, expect continued targeted use.
Organizations should treat CVE-2025-62215 as a priority for rapid patching and detection engineering, with special attention to servers, jump hosts, and administrative workstations.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
