Privilege Escalation Vulnerability in Microsoft Windows QoS Scheduler
CVE-2025-49730

7.8HIGH

What is CVE-2025-49730?

A time-of-check time-of-use (TOCTOU) race condition in the Microsoft Windows QoS Scheduler may allow an authorized attacker to gain elevated privileges on the system. This vulnerability creates a window of opportunity for malicious actors to exploit the system by manipulating the timing of checks against access permissions and actions taken on the system. Users are encouraged to review the Microsoft security advisory for more details and recommendations on mitigation.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21073

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8246

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7558

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49730 : Privilege Escalation Vulnerability in Microsoft Windows QoS Scheduler