Description
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
Published: 2025-12-09
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: Elevation of Privilege
Action: Patch
AI Analysis

Impact

Microsoft Brokering File System contains a race condition due to improper synchronization of a shared resource. An attacker who already has access to the system can exploit this flaw to gain higher privileges locally, potentially reaching administrative rights. The vulnerability is a classic concurrency flaw (CWE-362) and also involves double‑free logic (CWE-415).

Affected Systems

The flaw affects Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025 including Server Core installations. These systems run on both ARM64 and x86 architectures as documented by the affected CPE strings.

Risk and Exploitability

The CVSS score of 7 indicates a medium‑to‑high severity. The EPSS score is listed as < 1 %, meaning the likelihood of exploitation in the wild is very low, and it is not currently present in the CISA KEV catalog. The attack vector is inferred to be local; an authorized user must execute the exploit from within the operating system, so remote exploitation is not described by the data. The combination of a moderate CVSS score and low EPSS suggests that the risk is manageable but should be mitigated promptly.

Generated by OpenCVE AI on April 20, 2026 at 16:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update for CVE-2025-62469 as soon as it is released.
  • Restrict access to the Brokering File System and related shared resources to only those accounts that require it, following the principle of least privilege.
  • Obtain and enforce administrative monitoring or logging on systems that may be impacted to detect attempts to exploit local privilege escalations.

Generated by OpenCVE AI on April 20, 2026 at 16:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Dec 2025 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 24h2
Microsoft windows 11 25h2
CPEs cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*
Vendors & Products Microsoft windows 11 24h2
Microsoft windows 11 25h2

Tue, 09 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Dec 2025 18:15:00 +0000

Type Values Removed Values Added
Description Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
Title Microsoft Brokering File System Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows Server 2025
Weaknesses CWE-362
CWE-415
CPEs cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows Server 2025
References
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows 11 24h2 Windows 11 24h2 Windows 11 25h2 Windows 11 25h2 Windows Server 2025
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-16T14:18:31.537Z

Reserved: 2025-10-14T18:24:58.485Z

Link: CVE-2025-62469

cve-icon Vulnrichment

Updated: 2025-12-09T20:17:55.251Z

cve-icon NVD

Status : Analyzed

Published: 2025-12-09T18:15:59.063

Modified: 2025-12-12T20:04:14.387

Link: CVE-2025-62469

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T16:15:11Z

Weaknesses