CVE-2025-49743
Race Condition in Microsoft Graphics Component Enables Local Privilege Escalation

Publication date: 2025-08-12

Last updated on: 2025-08-15

Assigner: [email protected]

Description
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Affected Vendors & Products
Vendor Product Version
microsoft graphics_component *
microsoft windows_server_2008 *
microsoft windows_server_2012 *
microsoft windows_server_2012 *
microsoft windows_server_2008 *
microsoft windows_11_24h2 to 10.0.26100.4851 (inc)
microsoft windows_10_1507 to 10.0.10240.21100 (inc)
microsoft windows_10_1607 to 10.0.14393.8330 (inc)
microsoft windows_10_1809 to 10.0.17763.7678 (inc)
microsoft windows_10_21h2 to 10.0.19044.6216 (inc)
microsoft windows_10_22h2 to 10.0.19045.6216 (inc)
microsoft windows_11_22h2 to 10.0.22621.5768 (inc)
microsoft windows_11_23h2 to 10.0.22631.5768 (inc)
microsoft windows_server_2016 to 10.0.14393.8330 (inc)
microsoft windows_server_2025 to 10.0.26100.4851 (inc)
microsoft windows_server_2019 to 10.0.17763.7678 (inc)
microsoft windows_server_2022 to 10.0.20348.3989 (inc)
microsoft windows_server_2022_23h2 to 10.0.25398.1791 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 Use After Free
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?


How can this vulnerability impact me? :


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
CVE Publication Date:
2025-08-12
CVE Last Modified Date:
2025-08-15
Report Generation Date:
2025-09-04
AI Powered Q&A Generation:
2025-08-12
EPSS Last Evaluated Date:
2025-08-26
NVD Report Link: