CVE-2025-54913

7.8 HIGH

📋 TL;DR

A race condition vulnerability in Windows UI XAML Maps MapControlSettings allows local attackers to escalate privileges. This affects Windows systems with the vulnerable component. Attackers must already have some level of access to exploit this vulnerability.

💻 Affected Systems

Products:
  • Windows UI XAML Maps MapControlSettings
Versions: Specific Windows versions as detailed in Microsoft advisory
Operating Systems: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the XAML Maps component to be present and accessible. Systems without this component are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with SYSTEM-level privileges, enabling installation of malware, data theft, or persistence mechanisms.

🟠 Likely Case: Local privilege escalation from standard user to administrator or SYSTEM privileges, allowing unauthorized access to sensitive resources.

🟢 If Mitigated: Limited impact if proper access controls and privilege separation are implemented, though local attackers could still gain elevated access.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring existing access to the system.
🏢 Internal Only: HIGH - Internal attackers with standard user access could exploit this to gain administrative privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and race condition timing precision. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54913

Restart Required: Yes

Instructions:

1. Open Windows Update settings.
2. Check for updates.
3. Install all available security updates.
4. Restart the system when prompted.

🔧 Temporary Workarounds

Disable vulnerable component (Windows): Remove or disable the XAML Maps MapControlSettings component if not required

Restrict local access (all): Implement strict access controls and limit local user privileges

🧯 If You Can't Patch

  • Implement principle of least privilege for all user accounts
  • Monitor for suspicious privilege escalation attempts using security tools

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for the specific KB patch mentioned in Microsoft advisory

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify the security update is installed via Windows Update history or systeminfo command

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Suspicious process creation with elevated privileges
  • Access to sensitive system resources by non-admin users

Network Indicators:

  • Local privilege escalation typically has minimal network indicators

SIEM Query:

EventID=4688 AND (NewProcessName CONTAINS 'cmd.exe' OR NewProcessName CONTAINS 'powershell.exe') AND SubjectUserName != 'SYSTEM' AND TokenElevationType != '%%1936'
