cvelistv5 - cve-2025-59220

CVE-2025-59220 (GCVE-0-2025-59220)

Vulnerability from cvelistv5 – Published: 2025-09-18 21:28 – Updated: 2025-11-21 18:18

Title

Windows Bluetooth Service Elevation of Privilege Vulnerability

Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-416 - Use After Free

Assigner

microsoft

References

URL

Tags

https://msrc.microsoft.com/update-guide/vulnerabi…

vendor-advisory

Impacted products

Vendor

Product

Version

Microsoft

Windows Server 2022

Affected: 10.0.20348.0 , < 10.0.20348.4171 (custom)

Microsoft	Windows 10 Version 21H2	Affected: 10.0.19044.0 , < 10.0.19043.6332 (custom)
Microsoft	Windows 11 version 22H2	Affected: 10.0.22621.0 , < 10.0.22631.5909 (custom)
Microsoft	Windows 10 Version 22H2	Affected: 10.0.19045.0 , < 10.0.19044.6332 (custom)
Microsoft	Windows Server 2025 (Server Core installation)	Affected: 10.0.26100.0 , < 10.0.26100.6584 (custom)
Microsoft	Windows 11 version 22H3	Affected: 10.0.22631.0 , < 10.0.22631.5909 (custom)
Microsoft	Windows 11 Version 23H2	Affected: 10.0.22631.0 , < 10.0.22631.5909 (custom)
Microsoft	Windows Server 2022, 23H2 Edition (Server Core installation)	Affected: 10.0.25398.0 , < 10.0.25398.1849 (custom)
Microsoft	Windows 11 Version 24H2	Affected: 10.0.26100.0 , < 10.0.26100.6584 (custom)
Microsoft	Windows Server 2025	Affected: 10.0.26100.0 , < 10.0.26100.6584 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59220",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-19T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-20T03:55:37.606Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.4171",
              "status": "affected",
              "version": "10.0.20348.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19043.6332",
              "status": "affected",
              "version": "10.0.19044.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.5909",
              "status": "affected",
              "version": "10.0.22621.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.6332",
              "status": "affected",
              "version": "10.0.19045.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.6584",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.5909",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.5909",
              "status": "affected",
              "version": "10.0.22631.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.25398.1849",
              "status": "affected",
              "version": "10.0.25398.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 24H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.6584",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.26100.6584",
              "status": "affected",
              "version": "10.0.26100.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.20348.4171",
                  "versionStartIncluding": "10.0.20348.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
                  "versionEndExcluding": "10.0.19043.6332",
                  "versionStartIncluding": "10.0.19044.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.5909",
                  "versionStartIncluding": "10.0.22621.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.19044.6332",
                  "versionStartIncluding": "10.0.19045.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.6584",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.22631.5909",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
                  "versionEndExcluding": "10.0.22631.5909",
                  "versionStartIncluding": "10.0.22631.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.25398.1849",
                  "versionStartIncluding": "10.0.25398.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
                  "versionEndExcluding": "10.0.26100.6584",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.26100.6584",
                  "versionStartIncluding": "10.0.26100.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-09-18T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T18:18:49.266Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Bluetooth Service Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220"
        }
      ],
      "title": "Windows Bluetooth Service Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-59220",
    "datePublished": "2025-09-18T21:28:25.888Z",
    "dateReserved": "2025-09-11T00:32:30.949Z",
    "dateUpdated": "2025-11-21T18:18:49.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-59220\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2025-09-18T22:15:50.037\",\"lastModified\":\"2025-09-25T15:53:26.307\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"},{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19044.6332\",\"matchCriteriaId\":\"7A6EFA39-1D7C-4663-A412-AA6802FB27E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19045.6332\",\"matchCriteriaId\":\"45F6F341-FC2F-4629-8259-C5F8CC8E2EB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22621.5909\",\"matchCriteriaId\":\"86480500-CDA6-4F8F-9B8C-F3FC77B15F67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22631.5909\",\"matchCriteriaId\":\"0A6C6080-3904-45F2-897E-F6583DB4A70A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.26100.6508\",\"matchCriteriaId\":\"6E1B4513-36E7-4DCD-96B3-A56184D37C87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.20348.4106\",\"matchCriteriaId\":\"DFE7D988-2ABE-4833-AFEB-90926E10B8EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.25398.1849\",\"matchCriteriaId\":\"986B3446-8F5A-4D4C-A240-7052ED135E5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.26100.6508\",\"matchCriteriaId\":\"B7DF196D-36BE-4A48-844E-E1D8405A9E1A\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59220\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-19T12:03:00.489677Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-19T12:03:03.885Z\"}}], \"cna\": {\"title\": \"Windows Bluetooth Service Elevation of Privilege Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Windows Server 2022\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.20348.0\", \"lessThan\": \"10.0.20348.4171\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 21H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.19044.0\", \"lessThan\": \"10.0.19043.6332\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"ARM64-based Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 11 version 22H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.22621.0\", \"lessThan\": \"10.0.22631.5909\", \"versionType\": \"custom\"}], \"platforms\": [\"ARM64-based Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 22H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.19045.0\", \"lessThan\": \"10.0.19044.6332\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"ARM64-based Systems\", \"32-bit Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows Server 2025 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.26100.0\", \"lessThan\": \"10.0.26100.6584\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 11 version 22H3\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.22631.0\", \"lessThan\": \"10.0.22631.5909\", \"versionType\": \"custom\"}], \"platforms\": [\"ARM64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 11 Version 23H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.22631.0\", \"lessThan\": \"10.0.22631.5909\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows Server 2022, 23H2 Edition (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.25398.0\", \"lessThan\": \"10.0.25398.1849\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 11 Version 24H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.26100.0\", \"lessThan\": \"10.0.26100.6584\", \"versionType\": \"custom\"}], \"platforms\": [\"ARM64-based Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows Server 2025\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.26100.0\", \"lessThan\": \"10.0.26100.6584\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2025-09-18T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220\", \"name\": \"Windows Bluetooth Service Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-362\", \"description\": \"CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\"}, {\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416: Use After Free\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.20348.4171\", \"versionStartIncluding\": \"10.0.20348.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.19043.6332\", \"versionStartIncluding\": \"10.0.19044.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.22631.5909\", \"versionStartIncluding\": \"10.0.22621.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.19044.6332\", \"versionStartIncluding\": \"10.0.19045.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.26100.6584\", \"versionStartIncluding\": \"10.0.26100.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.22631.5909\", \"versionStartIncluding\": \"10.0.22631.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.22631.5909\", \"versionStartIncluding\": \"10.0.22631.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.25398.1849\", \"versionStartIncluding\": \"10.0.25398.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.26100.6584\", \"versionStartIncluding\": \"10.0.26100.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.26100.6584\", \"versionStartIncluding\": \"10.0.26100.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-11-21T18:18:49.266Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-59220\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-21T18:18:49.266Z\", \"dateReserved\": \"2025-09-11T00:32:30.949Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2025-09-18T21:28:25.888Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-PXGP-HQJ6-728F

Vulnerability from github – Published: 2025-09-19 00:30 – Updated: 2025-09-19 00:30

Details

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Severity ?

7.0 (High)


                  
                    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-59220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T22:15:50Z",
    "severity": "HIGH"
  },
  "details": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-pxgp-hqj6-728f",
  "modified": "2025-09-19T00:30:58Z",
  "published": "2025-09-19T00:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59220"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2025-29344

Vulnerability from cnvd - Published: 2025-11-25

Title

Microsoft Windows Bluetooth Service资源管理错误漏洞

Description

Microsoft Windows Bluetooth Service是美国微软Microsoft公司的一个蓝牙驱动程序。 Microsoft Windows Bluetooth Service存在资源管理错误漏洞，该漏洞源于共享资源同步不当导致的竞争条件，攻击者可利用该漏洞导致本地权限提升。

Severity

中

Patch Name

Microsoft Windows Bluetooth Service资源管理错误漏洞的补丁

Patch Description

Microsoft Windows Bluetooth Service是美国微软Microsoft公司的一个蓝牙驱动程序。 Microsoft Windows Bluetooth Service存在资源管理错误漏洞，该漏洞源于共享资源同步不当导致的竞争条件，攻击者可利用该漏洞导致本地权限提升。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-59220

Impacted products

Name
Microsoft Windows Bluetooth Service

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-59220",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-59220"
    }
  },
  "description": "Microsoft Windows Bluetooth Service\u662f\u7f8e\u56fd\u5fae\u8f6fMicrosoft\u516c\u53f8\u7684\u4e00\u4e2a\u84dd\u7259\u9a71\u52a8\u7a0b\u5e8f\u3002\n\nMicrosoft Windows Bluetooth Service\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5171\u4eab\u8d44\u6e90\u540c\u6b65\u4e0d\u5f53\u5bfc\u81f4\u7684\u7ade\u4e89\u6761\u4ef6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672c\u5730\u6743\u9650\u63d0\u5347\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a \r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-29344",
  "openTime": "2025-11-25",
  "patchDescription": "Microsoft Windows Bluetooth Service\u662f\u7f8e\u56fd\u5fae\u8f6fMicrosoft\u516c\u53f8\u7684\u4e00\u4e2a\u84dd\u7259\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\nMicrosoft Windows Bluetooth Service\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5171\u4eab\u8d44\u6e90\u540c\u6b65\u4e0d\u5f53\u5bfc\u81f4\u7684\u7ade\u4e89\u6761\u4ef6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u672c\u5730\u6743\u9650\u63d0\u5347\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows Bluetooth Service\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Windows Bluetooth Service"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-59220",
  "serverity": "\u4e2d",
  "submitTime": "2025-11-10",
  "title": "Microsoft Windows Bluetooth Service\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}

CERTFR-2025-AVI-0804

Vulnerability from certfr_avis - Published: 2025-09-19 - Updated: 2025-09-19

De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Elles permettent à un attaquant de provoquer une élévation de privilèges.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.5909
Microsoft	Windows	Windows Server 2025 versions antérieures à 10.0.26100.6508
Microsoft	Windows	Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.1849
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19044.6332
Microsoft	Windows	Windows Server 2022 versions antérieures à 10.0.20348.4106
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19043.6332
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19043.6332
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19043.6332
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19044.6332
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22631.5909
Microsoft	Windows	Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.5909
Microsoft	Windows	Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.6508
Microsoft	Windows	Windows Server 2025 (Server Core installation) versions antérieures à 10.0.26100.6508
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22631.5909
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19044.6332
Microsoft	Windows	Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.6508
Microsoft	Windows	Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.4106

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Windows CVE-2025-59215	2025-09-18	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59216	2025-09-18	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59220	2025-09-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.5909",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2025 versions ant\u00e9rieures \u00e0 10.0.26100.6508",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.1849",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.6332",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.4106",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19043.6332",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19043.6332",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19043.6332",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.6332",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.5909",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.5909",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 24H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26100.6508",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2025 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.26100.6508",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.5909",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.6332",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 24H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26100.6508",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.4106",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-59215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59215"
    },
    {
      "name": "CVE-2025-59216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59216"
    },
    {
      "name": "CVE-2025-59220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59220"
    }
  ],
  "initial_release_date": "2025-09-19T00:00:00",
  "last_revision_date": "2025-09-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0804",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Windows. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": "2025-09-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59215",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59215"
    },
    {
      "published_at": "2025-09-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59216",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59216"
    },
    {
      "published_at": "2025-09-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59220",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220"
    }
  ]
}

CERTFR-2025-AVI-0804

Vulnerability from certfr_avis - Published: 2025-09-19 - Updated: 2025-09-19

De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Elles permettent à un attaquant de provoquer une élévation de privilèges.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.5909
Microsoft	Windows	Windows Server 2025 versions antérieures à 10.0.26100.6508
Microsoft	Windows	Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.1849
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19044.6332
Microsoft	Windows	Windows Server 2022 versions antérieures à 10.0.20348.4106
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19043.6332
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19043.6332
Microsoft	Windows	Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19043.6332
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19044.6332
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22631.5909
Microsoft	Windows	Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.5909
Microsoft	Windows	Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.6508
Microsoft	Windows	Windows Server 2025 (Server Core installation) versions antérieures à 10.0.26100.6508
Microsoft	Windows	Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22631.5909
Microsoft	Windows	Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19044.6332
Microsoft	Windows	Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.6508
Microsoft	Windows	Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.4106

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Windows CVE-2025-59215	2025-09-18	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59216	2025-09-18	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2025-59220	2025-09-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.5909",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2025 versions ant\u00e9rieures \u00e0 10.0.26100.6508",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.1849",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.6332",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.4106",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19043.6332",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19043.6332",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19043.6332",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.6332",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.5909",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.5909",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 24H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26100.6508",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2025 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.26100.6508",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.5909",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.6332",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 24H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26100.6508",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.4106",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-59215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59215"
    },
    {
      "name": "CVE-2025-59216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59216"
    },
    {
      "name": "CVE-2025-59220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59220"
    }
  ],
  "initial_release_date": "2025-09-19T00:00:00",
  "last_revision_date": "2025-09-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0804",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Windows. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": "2025-09-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59215",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59215"
    },
    {
      "published_at": "2025-09-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59216",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59216"
    },
    {
      "published_at": "2025-09-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2025-59220",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220"
    }
  ]
}

MSRC_CVE-2025-59220

Vulnerability from csaf_microsoft - Published: 2025-09-09 07:00 - Updated: 2025-10-10 07:00

Summary

Windows Bluetooth Service Elevation of Privilege Vulnerability

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action

Required. The vulnerability documented by this CVE requires customer action to resolve.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Hwiwon Lee (hwiwonl), SEC-agent team"
        ]
      },
      {
        "names": [
          "\u003ca href=\"https://linkedin.com/in/jongseongkim\"\u003eJongseong Kim (nevul37), SEC-agent team\u003c/a\u003e"
        ]
      },
      {
        "names": [
          "Zhiniang Peng with HUST \u0026amp; R4nger with CyberKunLun"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-59220 Windows Bluetooth Service Elevation of Privilege Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220"
      },
      {
        "category": "self",
        "summary": "CVE-2025-59220 Windows Bluetooth Service Elevation of Privilege Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-59220.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Windows Bluetooth Service Elevation of Privilege Vulnerability",
    "tracking": {
      "current_release_date": "2025-10-10T07:00:00.000Z",
      "generator": {
        "date": "2025-11-20T01:16:52.885Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-59220",
      "initial_release_date": "2025-09-09T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-09-18T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published. This CVE was addressed by updates that were released in September 2025, but the CVE was inadvertently omitted from the September 2025 Security Updates. This is an informational change only. Customers who have already installed the September 2025 updates do not need to take any further action."
        },
        {
          "date": "2025-10-10T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added acknowledgements. This is an informational change only."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.20348.4171",
            "product": {
              "name": "Windows Server 2022 \u003c10.0.20348.4171",
              "product_id": "17"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.20348.4171",
            "product": {
              "name": "Windows Server 2022 10.0.20348.4171",
              "product_id": "11923"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2022"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.20348.4171",
            "product": {
              "name": "Windows Server 2022 (Server Core installation) \u003c10.0.20348.4171",
              "product_id": "16"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.20348.4171",
            "product": {
              "name": "Windows Server 2022 (Server Core installation) 10.0.20348.4171",
              "product_id": "11924"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2022 (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.19043.6332",
            "product": {
              "name": "Windows 10 Version 21H2 for 32-bit Systems \u003c10.0.19043.6332",
              "product_id": "15"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.19043.6332",
            "product": {
              "name": "Windows 10 Version 21H2 for 32-bit Systems 10.0.19043.6332",
              "product_id": "11929"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 10 Version 21H2 for 32-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.19043.6332",
            "product": {
              "name": "Windows 10 Version 21H2 for ARM64-based Systems \u003c10.0.19043.6332",
              "product_id": "14"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.19043.6332",
            "product": {
              "name": "Windows 10 Version 21H2 for ARM64-based Systems 10.0.19043.6332",
              "product_id": "11930"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 10 Version 21H2 for ARM64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.19043.6332",
            "product": {
              "name": "Windows 10 Version 21H2 for x64-based Systems \u003c10.0.19043.6332",
              "product_id": "13"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.19043.6332",
            "product": {
              "name": "Windows 10 Version 21H2 for x64-based Systems 10.0.19043.6332",
              "product_id": "11931"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 10 Version 21H2 for x64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.22631.5909",
            "product": {
              "name": "Windows 11 Version 22H2 for ARM64-based Systems \u003c10.0.22631.5909",
              "product_id": "12"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.22631.5909",
            "product": {
              "name": "Windows 11 Version 22H2 for ARM64-based Systems 10.0.22631.5909",
              "product_id": "12085"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 22H2 for ARM64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.22631.5909",
            "product": {
              "name": "Windows 11 Version 22H2 for x64-based Systems \u003c10.0.22631.5909",
              "product_id": "11"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.22631.5909",
            "product": {
              "name": "Windows 11 Version 22H2 for x64-based Systems 10.0.22631.5909",
              "product_id": "12086"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 22H2 for x64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.19044.6332",
            "product": {
              "name": "Windows 10 Version 22H2 for x64-based Systems \u003c10.0.19044.6332",
              "product_id": "10"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.19044.6332",
            "product": {
              "name": "Windows 10 Version 22H2 for x64-based Systems 10.0.19044.6332",
              "product_id": "12097"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 10 Version 22H2 for x64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.19044.6332",
            "product": {
              "name": "Windows 10 Version 22H2 for ARM64-based Systems \u003c10.0.19044.6332",
              "product_id": "9"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.19044.6332",
            "product": {
              "name": "Windows 10 Version 22H2 for ARM64-based Systems 10.0.19044.6332",
              "product_id": "12098"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 10 Version 22H2 for ARM64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.19044.6332",
            "product": {
              "name": "Windows 10 Version 22H2 for 32-bit Systems \u003c10.0.19044.6332",
              "product_id": "8"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.19044.6332",
            "product": {
              "name": "Windows 10 Version 22H2 for 32-bit Systems 10.0.19044.6332",
              "product_id": "12099"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 10 Version 22H2 for 32-bit Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.6584",
            "product": {
              "name": "Windows Server 2025 (Server Core installation) \u003c10.0.26100.6584",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.6584",
            "product": {
              "name": "Windows Server 2025 (Server Core installation) 10.0.26100.6584",
              "product_id": "12437"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2025 (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.22631.5909",
            "product": {
              "name": "Windows 11 Version 23H2 for ARM64-based Systems \u003c10.0.22631.5909",
              "product_id": "7"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.22631.5909",
            "product": {
              "name": "Windows 11 Version 23H2 for ARM64-based Systems 10.0.22631.5909",
              "product_id": "12242"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 23H2 for ARM64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.22631.5909",
            "product": {
              "name": "Windows 11 Version 23H2 for x64-based Systems \u003c10.0.22631.5909",
              "product_id": "6"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.22631.5909",
            "product": {
              "name": "Windows 11 Version 23H2 for x64-based Systems 10.0.22631.5909",
              "product_id": "12243"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 23H2 for x64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.25398.1849",
            "product": {
              "name": "Windows Server 2022, 23H2 Edition (Server Core installation) \u003c10.0.25398.1849",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.25398.1849",
            "product": {
              "name": "Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.1849",
              "product_id": "12244"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2022, 23H2 Edition (Server Core installation)"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.6584",
            "product": {
              "name": "Windows 11 Version 24H2 for ARM64-based Systems \u003c10.0.26100.6584",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.6584",
            "product": {
              "name": "Windows 11 Version 24H2 for ARM64-based Systems 10.0.26100.6584",
              "product_id": "12389"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 24H2 for ARM64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.6584",
            "product": {
              "name": "Windows 11 Version 24H2 for x64-based Systems \u003c10.0.26100.6584",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.6584",
            "product": {
              "name": "Windows 11 Version 24H2 for x64-based Systems 10.0.26100.6584",
              "product_id": "12390"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows 11 Version 24H2 for x64-based Systems"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c10.0.26100.6584",
            "product": {
              "name": "Windows Server 2025 \u003c10.0.26100.6584",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "10.0.26100.6584",
            "product": {
              "name": "Windows Server 2025 10.0.26100.6584",
              "product_id": "12436"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Server 2025"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59220",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "Successful exploitation of this vulnerability requires an attacker to win a race condition.",
          "title": "According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.",
          "title": "What privileges could be gained by an attacker who successfully exploited this vulnerability?"
        }
      ],
      "product_status": {
        "fixed": [
          "11923",
          "11924",
          "11929",
          "11930",
          "11931",
          "12085",
          "12086",
          "12097",
          "12098",
          "12099",
          "12242",
          "12243",
          "12244",
          "12389",
          "12390",
          "12436",
          "12437"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59220 Windows Bluetooth Service Elevation of Privilege Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220"
        },
        {
          "category": "self",
          "summary": "CVE-2025-59220 Windows Bluetooth Service Elevation of Privilege Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-59220.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-09-18T07:00:00.000Z",
          "details": "10.0.20348.4171:Security Update:https://support.microsoft.com/help/5065432",
          "product_ids": [
            "17",
            "16"
          ],
          "url": "https://support.microsoft.com/help/5065432"
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-18T07:00:00.000Z",
          "details": "10.0.20348.4106:Security Hotpatch Update:https://support.microsoft.com/help/5065306",
          "product_ids": [
            "17",
            "16"
          ],
          "url": "https://support.microsoft.com/help/5065306"
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-18T07:00:00.000Z",
          "details": "10.0.19043.6332:Security Update:https://support.microsoft.com/help/5065429",
          "product_ids": [
            "15",
            "14",
            "13"
          ],
          "url": "https://support.microsoft.com/help/5065429"
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-18T07:00:00.000Z",
          "details": "10.0.22631.5909:Security Update:https://support.microsoft.com/help/5065431",
          "product_ids": [
            "12",
            "11",
            "7",
            "6"
          ],
          "url": "https://support.microsoft.com/help/5065431"
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-18T07:00:00.000Z",
          "details": "10.0.19044.6332:Security Update:https://support.microsoft.com/help/5065429",
          "product_ids": [
            "10",
            "9",
            "8"
          ],
          "url": "https://support.microsoft.com/help/5065429"
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-18T07:00:00.000Z",
          "details": "10.0.26100.6584:Security Update:https://support.microsoft.com/help/5065426",
          "product_ids": [
            "1",
            "4",
            "3",
            "2"
          ],
          "url": "https://support.microsoft.com/help/5065426"
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-18T07:00:00.000Z",
          "details": "10.0.26100.6508:SecurityHotpatchUpdate:https://support.microsoft.com/help/5065474",
          "product_ids": [
            "1",
            "4",
            "3",
            "2"
          ],
          "url": "https://support.microsoft.com/help/5065474"
        },
        {
          "category": "vendor_fix",
          "date": "2025-09-18T07:00:00.000Z",
          "details": "10.0.25398.1849:Security Update:https://support.microsoft.com/help/5065425",
          "product_ids": [
            "5"
          ],
          "url": "https://support.microsoft.com/help/5065425"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.1,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Elevation of Privilege"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Windows Bluetooth Service Elevation of Privilege Vulnerability"
    }
  ]
}

FKIE_CVE-2025-59220

Vulnerability from fkie_nvd - Published: 2025-09-18 22:15 - Updated: 2025-09-25 15:53

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220	Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	windows_10_21h2	*
microsoft	windows_10_22h2	*
microsoft	windows_11_22h2	*
microsoft	windows_11_23h2	*
microsoft	windows_11_24h2	*
microsoft	windows_server_2022	*
microsoft	windows_server_2022_23h2	*
microsoft	windows_server_2025	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A6EFA39-1D7C-4663-A412-AA6802FB27E8",
              "versionEndExcluding": "10.0.19044.6332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45F6F341-FC2F-4629-8259-C5F8CC8E2EB3",
              "versionEndExcluding": "10.0.19045.6332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86480500-CDA6-4F8F-9B8C-F3FC77B15F67",
              "versionEndExcluding": "10.0.22621.5909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A6C6080-3904-45F2-897E-F6583DB4A70A",
              "versionEndExcluding": "10.0.22631.5909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E1B4513-36E7-4DCD-96B3-A56184D37C87",
              "versionEndExcluding": "10.0.26100.6508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE7D988-2ABE-4833-AFEB-90926E10B8EB",
              "versionEndExcluding": "10.0.20348.4106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "986B3446-8F5A-4D4C-A240-7052ED135E5B",
              "versionEndExcluding": "10.0.25398.1849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7DF196D-36BE-4A48-844E-E1D8405A9E1A",
              "versionEndExcluding": "10.0.26100.6508",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally."
    }
  ],
  "id": "CVE-2025-59220",
  "lastModified": "2025-09-25T15:53:26.307",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-18T22:15:50.037",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59220"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        },
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-59220 (GCVE-0-2025-59220)

GHSA-PXGP-HQJ6-728F

CNVD-2025-29344

CERTFR-2025-AVI-0804

Solutions

CERTFR-2025-AVI-0804

Solutions

MSRC_CVE-2025-59220

FKIE_CVE-2025-59220

Tags

Sightings

Nomenclature