CVE-2025-59200
7.7
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
Exploitability: 1.8 / Impact: 5.3
Source: secure@microsoft.com (Secondary)
Description
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.
Affected (17)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.0.10240.21161 | |
| Before 10.0.14393.8519 | |
| Before 10.0.17763.7919 | |
| Before 10.0.19044.6456 | |
| Before 10.0.19045.6456 | |
| Before 10.0.22621.6060 | |
| Up to 10.0.22631.6060 | |
| Before 10.0.26100.6899 | |
| Before 10.0.26200.6899 | |
| Up to 10.0.14393.8519 | |
| Before 10.0.17763.7919 | |
| Before 10.0.20348.4294 | |
| Before 10.0.25398.1913 | |
| Up to 10.0.26100.6899 |
Related CWEs
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CWE-73
External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.
References (1)
Source: secure@microsoft.com
Vendor Advisory
Timeline
No history available yet.