CVE-2025-54913 is a race condition vulnerability classified under CWE-362, found in the Windows UI XAML Maps MapControlSettings component of Microsoft Windows 10 Version 1507 (build 10.0.10240.0). The vulnerability stems from improper synchronization when multiple threads concurrently access shared resources, leading to a race condition. This flaw can be exploited by an attacker with local authorized access to elevate privileges on the affected system. The attacker does not require user interaction but must overcome high attack complexity, indicating that exploitation requires precise timing or conditions. The vulnerability affects confidentiality, integrity, and availability, potentially allowing the attacker to execute code with elevated privileges, manipulate system settings, or cause denial of service. The CVSS v3.1 base score is 7.8 (high), reflecting the significant impact and complexity. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. The affected product is an early release of Windows 10, which is largely superseded by newer versions, but legacy systems may still be vulnerable. The race condition arises specifically in the MapControlSettings component related to Windows UI XAML Maps, indicating a flaw in how the system manages concurrent access to map control settings.

The vulnerability allows a locally authorized attacker to elevate privileges, potentially gaining SYSTEM-level access. This can lead to full compromise of affected systems, including unauthorized data access, modification, or deletion, installation of persistent malware, and disruption of system availability. Organizations relying on Windows 10 Version 1507, particularly those with legacy or embedded systems that have not been updated, face increased risk. The flaw undermines system integrity and confidentiality, enabling attackers to bypass security controls. Although exploitation requires local access and high complexity, the impact of successful exploitation is severe, affecting critical infrastructure, enterprise environments, and sensitive data repositories. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as exploit techniques may emerge. The vulnerability's scope is limited to a specific Windows 10 version, but environments with mixed OS versions may still be exposed if legacy systems are present.

1. Upgrade affected systems to a supported and fully patched version of Windows 10 or later, as Windows 10 Version 1507 is outdated and no longer supported. 2. Restrict local access to systems running the vulnerable version, enforcing strict access controls and monitoring for unauthorized logins. 3. Implement application whitelisting and endpoint protection to detect and block suspicious privilege escalation attempts. 4. Employ strict least privilege principles to minimize the number of users with local access and administrative rights. 5. Monitor system logs and security events for unusual behavior related to MapControlSettings or privilege escalation attempts. 6. If upgrading is not immediately possible, consider isolating vulnerable systems from critical networks and sensitive data. 7. Stay alert for official patches or security advisories from Microsoft and apply them promptly once available. 8. Conduct regular security assessments and penetration testing focusing on local privilege escalation vectors.