A race condition in Windows SMB Server allows an attacker with local or network privileges to exploit improper synchronization of a shared resource, enabling them to raise their own privileges. The flaw results in a control‑flow change that elevates the attacker’s effective permissions on the affected system. By achieving higher privilege, the attacker can gain full control of the machine, read or modify sensitive data, and install malware with administrator rights. The primary weakness is a concurrency error, classified under CWE‑362.

Microsoft Windows operating systems are impacted, including Windows 10 from version 1607 through 22H2; Windows 11 from version 22H3 through 25H2; Windows Server 2012 through 2012 R2, including Server Core installations; Windows Server 2016, 2019, 2022 (including 23H2 Server Core), and Windows Server 2025. All listed versions are susceptible to the SMB server vulnerability.

The vulnerability scores a CVSS of 7.5, indicating high severity, and has a very low Current Exploit Probability (EPSS < 1%). It is not listed in the CISA KEV catalog, suggesting that no publicly known exploits have been detected yet. The likely attack vector is over the network via the SMB protocol; an attacker must have at least access to the local network or be compromised on the target machine. The combination of a high impact and low chance of exploitation places professionals in a position to proactively apply fixes before potential exploits appear.