Privilege Escalation Vulnerability in Microsoft Windows QoS Scheduler
CVE-2025-49730
7.8HIGH
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 8 July 2025
What is CVE-2025-49730?
A time-of-check time-of-use (TOCTOU) race condition in the Microsoft Windows QoS Scheduler may allow an authorized attacker to gain elevated privileges on the system. This vulnerability creates a window of opportunity for malicious actors to exploit the system by manipulating the timing of checks against access permissions and actions taken on the system. Users are encouraged to review the Microsoft security advisory for more details and recommendations on mitigation.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21073
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8246
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7558