About Elevation of Privilege – Windows Kernel (CVE-2025-62215) vulnerability. The vulnerability was addressed in the November Microsoft Patch Tuesday. Exploitation of this vulnerability allows a local attacker to gain SYSTEM privileges. The root cause of the vulnerability is a Race Condition (CWE-362) and a Double Free (CWE-415).
⚙️ Updates are available for Windows 10/11 and Windows Server 2019/2022/2025.
👾 Microsoft reported active exploitation of the vulnerability in attacks on November 11 as part of MSPT, and the following day the vulnerability was added to the CISA KEV catalog. No details about the attacks have been disclosed so far.
🛠 Public exploits have been available on GitHub since November 18.
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.