CVE-2025-29969

Published May 13, 2025

Last updated 9 months ago

Windows Fundamentals

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-29969 is identified as a Time-of-check time-of-use (TOCTOU) race condition vulnerability found within Windows Fundamentals. This flaw, disclosed on May 13, 2025, affects a broad range of Microsoft Windows operating systems, including various versions of Windows Server (2008, 2012, 2016, 2019, 2022, 2025), Windows 10, and Windows 11. Successful exploitation of this vulnerability could allow an authorized attacker to execute code over a network. Microsoft addressed CVE-2025-29969 by releasing security updates as part of its May 2025 Patch Tuesday releases.

Description: Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.
Source: secure@microsoft.com
NVD status: Analyzed
Products: windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 5.9
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-367

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "0B6B5CAA-8A5A-4676-BC01-CD97BDCE5763",
            "versionEndExcluding": "10.0.10240.21014"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "4E77111E-B41A-4E88-AC0B-2EBEC9E042FF",
            "versionEndExcluding": "10.0.10240.21014"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "A725E104-8456-4AE8-9A9D-10127FC36BDE",
            "versionEndExcluding": "10.0.14393.8066"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "4720EC2C-1371-4D1F-80E6-7804D079C183",
            "versionEndExcluding": "10.0.14393.8066"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
            "versionEndExcluding": "10.0.17763.7314"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
            "versionEndExcluding": "10.0.17763.7314"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "8047D88E-3BAD-4DCE-A1CD-68BEBEE06D50",
            "versionEndExcluding": "10.0.19044.5854"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "66B77F75-39F2-46EE-BC6F-06650808568E",
            "versionEndExcluding": "10.0.19044.5854"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "63101BFA-2F60-49BD-8E03-6F13FA9A106D",
            "versionEndExcluding": "10.0.19044.5854"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "26BA0DF8-5B45-4B1D-A5F2-3D3B7A60AF90",
            "versionEndExcluding": "10.0.19045.5854"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "404F532F-861B-42E0-B31D-325E5CFEE8EC",
            "versionEndExcluding": "10.0.19045.5854"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "2A951F53-2D80-44A8-ADE4-9E26702BB76E",
            "versionEndExcluding": "10.0.19045.5854"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "CA321DC2-D196-4C81-87E8-B1A240A75CB8",
            "versionEndExcluding": "10.0.22621.5335"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "CA476FFD-741C-4534-AA84-BA3511AE1413",
            "versionEndExcluding": "10.0.22621.5335"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "28D1BDF2-8DF7-48DF-BBF7-E5DE3EF243D1",
            "versionEndExcluding": "10.0.22631.5335"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "3F66E394-51B6-48B2-AFF6-A45007E654AD",
            "versionEndExcluding": "10.0.22631.5335"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "4448191F-2152-4E7F-8D4A-4EE7ED6657D6",
            "versionEndExcluding": "10.0.26100.4061"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "7CE8E58A-59AA-4649-8C0F-0DB11A1D1936",
            "versionEndExcluding": "10.0.26100.4061"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
            "versionEndExcluding": "10.0.14393.8066"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
            "versionEndExcluding": "10.0.17763.7314"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
            "versionEndExcluding": "10.0.20348.3692"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
            "versionEndExcluding": "10.0.25398.1611"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
            "versionEndExcluding": "10.0.26100.4061"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.