CVE-2025-63945

7.4 HIGH

📋 TL;DR

A local privilege escalation vulnerability in Tencent iOA for Windows allows authenticated local users to execute programs with elevated privileges by exploiting a race condition. This affects Windows devices running Tencent iOA versions through 210.9.28693.621001. Attackers need local access and must successfully trigger the race condition to exploit this vulnerability.

💻 Affected Systems

Products:
  • Tencent iOA
Versions: through 210.9.28693.621001
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows versions of Tencent iOA; requires local user access and successful race condition exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains SYSTEM/administrator privileges, enabling complete system compromise, persistence installation, credential theft, and lateral movement.

🟠 Likely Case

Local user with standard privileges escalates to administrator to bypass security controls, install unauthorized software, or access restricted resources.

🟢 If Mitigated

With proper access controls and monitoring, exploitation attempts are detected and blocked before successful privilege escalation.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local user access; not directly exploitable over the internet.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this to gain elevated privileges and move laterally within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local user access and successful race condition triggering; public proof-of-concept code is available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

Check Tencent security advisories for patch availability; if available, update Tencent iOA to the latest version.

🔧 Temporary Workarounds

Restrict Local User Access

windows

Limit local user accounts and implement least privilege principles to reduce attack surface.

Monitor Process Creation

windows

Implement monitoring for unusual process creation patterns that might indicate exploitation attempts.

🧯 If You Can't Patch

  • Implement strict access controls and monitor for suspicious privilege escalation attempts
  • Segment networks to limit lateral movement if exploitation occurs

🔍 How to Verify

Check if Vulnerable:

Check Tencent iOA version; if version is 210.9.28693.621001 or earlier, the system is vulnerable.

Check Version:

Check Tencent iOA application settings or About section for version information.

Verify Fix Applied:

Update Tencent iOA and verify version is newer than 210.9.28693.621001.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation with elevated privileges from standard user accounts
  • Multiple rapid file/process operations suggesting race condition exploitation

Network Indicators:

  • Not applicable - local exploitation only

SIEM Query:

Process Creation where Parent Process contains 'ioa' AND Integrity Level changes from Medium to High/System
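
The condition above compares two integrity levels, but a process-creation record carries only the new process's level, so the parent's level has to be looked up from the parent's own creation record. The sketch below is an added example, not part of the original advisory or any vendor tooling; it assumes Sysmon Event ID 1 field names, and every event, GUID and path in it is constructed.

```python
# Added example: correlate Sysmon-style process-creation records (Event ID 1).
# Field names follow Sysmon; all events, GUIDs and paths below are constructed.
RANK = {"Low": 0, "Medium": 1, "High": 2, "System": 3}

def find_integrity_jumps(events, parent_marker="ioa"):
    """Return (hits, unresolved) for High/System children of marker parents.

    hits: the parent's own creation event shows Medium or lower integrity.
    unresolved: the parent's creation event is missing, so nothing to compare.
    """
    level_by_guid = {}  # ProcessGuid -> IntegrityLevel recorded at creation
    hits, unresolved = [], []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        level_by_guid[ev["ProcessGuid"]] = ev["IntegrityLevel"]
        if parent_marker not in ev["ParentImage"].lower():
            continue  # parent is not the monitored client
        if RANK.get(ev["IntegrityLevel"], 0) <= RANK["Medium"]:
            continue  # child is not elevated
        parent_level = level_by_guid.get(ev["ParentProcessGuid"])
        if parent_level is None:
            unresolved.append(ev)  # review manually or widen the time window
        elif RANK.get(parent_level, 0) <= RANK["Medium"]:
            hits.append(ev)
    return hits, unresolved

def _ev(sec, guid, image, level, parent_guid, parent_image):
    return {"UtcTime": f"2025-01-01 10:00:{sec}", "ProcessGuid": guid,
            "Image": image, "IntegrityLevel": level,
            "ParentProcessGuid": parent_guid, "ParentImage": parent_image}

IOA = r"C:\Example\iOA\placeholder_client.exe"  # placeholder, not a real install path
SHELL = r"C:\Windows\explorer.exe"
SAMPLE_EVENTS = [  # constructed sample data
    _ev("00.000", "G1", SHELL, "Medium", "G0", r"C:\Windows\System32\userinit.exe"),
    _ev("05.000", "G2", IOA, "Medium", "G1", SHELL),
    _ev("09.000", "G3", r"C:\Windows\System32\cmd.exe", "System", "G2", IOA),
    _ev("12.000", "G4", r"C:\Windows\System32\notepad.exe", "Medium", "G2", IOA),
    _ev("15.000", "G5", r"C:\Windows\System32\mmc.exe", "High", "G1", SHELL),
    _ev("20.000", "G6", r"C:\Windows\System32\cmd.exe", "High", "G9", IOA),
]

if __name__ == "__main__":
    hits, unresolved = find_integrity_jumps(SAMPLE_EVENTS)
    for ev in hits:
        print("ALERT", ev["UtcTime"], ev["Image"], ev["IntegrityLevel"])
    for ev in unresolved:
        print("REVIEW (parent not in data)", ev["UtcTime"], ev["Image"])
```

Matching on the substring 'ioa' follows the query as written; in production, pin the match to the client's actual install path so unrelated binaries do not trigger it.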
