The vulnerability in the Capability Access Management Service (camsvc) is a classic race condition caused by improper synchronization of shared resources. When two or more processes access the same critical section concurrently, an attacker can manipulate the timing to trigger a privilege escalation. This flaw permits an authorized local user to elevate leverage to higher privileged levels, compromising confidentiality and integrity of the system. The weaknesses involved are described by CWE‑362 (Race Condition) and CWE‑416 (Use After Free).

Microsoft Windows Server 2025, including the Server Core deployment, are affected by this flaw. No other operating system versions or product variants are listed as impacted by the CNA. Users running these editions should verify that the server has the latest cumulative updates that address the mentioned issue.

The CVSS score of 7 denotes a high severity, while the EPSS score of less than 1% indicates a low but non‑zero likelihood of exploitation in the wild. Currently the vulnerability is not catalogued as a known exploited vulnerability by CISA. The attack vector is local, requiring the attacker to already have some level of authorized access. However, once the race condition is triggered the attacker gains elevated privileges, enabling further damage or persistence. Because the flaw is a local privilege escalation, active monitoring of sensitive services and strict least‑privilege controls are essential to mitigate risk until a patch is applied.