CNNVD-202508-1200 Information

Aug 12, 2025 cve

CNNVD ID

CNNVD-202508-1200

CVE-2025-53135

  • CNNVD Published: 2025-08-12

Description (Chinese)

Microsoft Windows DirectX是美国微软(Microsoft)公司的DirectX 最终用户运行时 Web 安装程序。 Microsoft Windows DirectX存在竞争条件问题漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 22H2 for 32-bit Systems,Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019。

Description (English)

Microsoft Windows DirectX is a Web installation program run by the United States Microsoft ’ s DirectX end-user. Microsoft Windows DirectX has a gap in competition conditions. The attackers use this loophole to enhance their authority. The following products and versions are affected: Wows Service 2019, Wows Service, Wows Service 2022, Windows Service Service 21H2 for Windows 10 Versence 21H2 for ARM 64-Systems, Wows Service 10 Vows Service 20-Systeams, Wows Service 28-Sysysysysysysysysys, Wows Organization 32-Sysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysys2-Sysysysysysysysysys 2-Wes

Hazard Level

Medium

Vulnerability Type

竞争条件问题

Affected Vendor

微软

Published

2025-08-12

Last Modified

2026-02-24

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53135 https://nvd.nist.gov/vuln/detail/CVE-2025-53135

Patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53135

Share on: