Race Condition Vulnerability in Windows Shell by Microsoft
CVE-2025-64661

7.8HIGH

Key Information:

Vendor

Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
9 December 2025

What is CVE-2025-64661?

A security vulnerability in Windows Shell arises from improper synchronization during concurrent execution using shared resources. This flaw can be exploited by authorized attackers to elevate their privileges locally. As a result, this may allow them to execute arbitrary commands with elevated rights, potentially compromising system security and integrity.

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8688

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8146

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6691

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-64661 : Race Condition Vulnerability in Windows Shell by Microsoft