CNNVD-202507-893 Information

Jul 08, 2025 cve

CNNVD ID

CNNVD-202507-893

CVE-2025-47972

  • CNNVD Published: 2025-07-08

Description (Chinese)

Microsoft Input Method Editor(IME)是美国微软(Microsoft)公司的一种软件组件,它使用户能够使用在标准 QWERTY 键盘上无法轻松表示的语言输入文本。 Microsoft Input Method Editor存在竞争条件问题漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems。

Description (English)

Microsoft Input Method Editor (IME) is a software component of Microsoft (MSC) in the United States, which enables users to enter text in a language that cannot easily be expressed on the standard QWERTY keyboard. Microsoft Input Method Editor has a gap in competition conditions. The attackers use this loophole to enhance their authority. The following products and versions are affected: Wows for 32-bit Systems, Wows for 32-bit Systems, Wows for 28-years for 28-years for 28-years for 28-years for 20-years for 20-years for 20-years for 20-years, and Wows for 11-years for 22 years-years for 20-years for 20-years, for 20-years for 20-years for 20-years, for 20-years for 20-years-years-years for 20-years-years for 20-years-years, for 20-years-years for 20-years-years-years-years for 20-years-years-years-years for 20-years-years, for 20-years-years-years for 20-years2-years for 2-years for 2-years,

Hazard Level

Medium

Vulnerability Type

竞争条件问题

Affected Vendor

微软

Published

2025-07-08

Last Modified

2026-02-24

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47972

Patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47972

Share on: