Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE Database V5

Detailed information about CVE-2025-59216: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in Microsoft Win

CVE-2025-59216: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in Microsoft Windows Server 2025 (Server Core installation) - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-59216: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in Microsoft Windows Server 2025 (Server Core installation)

Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Detailed information about CVE-2025-59215: CWE-416: Use After Free in Microsoft Windows Server 2025 (Server Core installation) affecting Microsoft Windows Serve

CVE-2025-59215: CWE-416: Use After Free in Microsoft Windows Server 2025 (Server Core installation) - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-59215: CWE-416: Use After Free in Microsoft Windows Server 2025 (Server Core installation)

An attacker with adjacent access, without authentication, can exploit 
this vulnerability to retrieve a hard-coded password embedded in 
publicly available software. This password can then be used to decrypt 
sensitive network traffic, affecting the Cognex device.

CVE-2025-54754 is a high-severity vulnerability affecting the Cognex In-Sight 2000 series, specifically version 5.x. The vulnerability is classified under CWE-259, which pertains to the use of hard-coded passwords. In this case, an attacker with adjacent network access—meaning they must be on the same local network segment or have similar proximity—can exploit the vulnerability without requiring any authentication. The attacker can extract a hard-coded password embedded within publicly available software related to the device. This password enables the attacker to decrypt sensitive network traffic to and from the Cognex device. The vulnerability impacts confidentiality, integrity, and availability, as indicated by the CVSS vector (CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The attack complexity is low, no privileges are required, but user interaction is needed, likely involving the attacker tricking a user or leveraging a network interaction. The scope is unchanged, meaning the vulnerability affects only the vulnerable component. The lack of authentication requirement and the ability to decrypt sensitive traffic make this a critical concern for environments relying on these devices for industrial or manufacturing automation. No patches are currently available, and no known exploits have been reported in the wild as of the publication date.

Detailed information about CVE-2025-54754: CWE-259 in Cognex In-Sight 2000 series affecting Cognex In-Sight 2000 series. Get real-time updates, technical detail

CVE-2025-54754: CWE-259 in Cognex In-Sight 2000 series - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-54754: CWE-259 in Cognex In-Sight 2000 series

A local attacker with low privileges on the Windows system where the 
software is installed can exploit this vulnerability to corrupt 
sensitive data. A data folder is created with very weak privileges, 
allowing any user logged into the Windows system to modify its content.

CVE-2025-53947 is a high-severity vulnerability (CVSS 7.7) affecting the Cognex In-Sight 2000 series, specifically version 5.x of the software. The vulnerability is classified under CWE-276, which relates to improper permissions or access control. In this case, the issue arises because the software creates a data folder on the Windows system with overly permissive access rights. This weak permission setting allows any user logged into the Windows system, regardless of privilege level, to modify the contents of this folder. Since the folder contains sensitive data, a local attacker with low privileges can exploit this to corrupt or tamper with critical data used by the application. The attack vector is local (AV:L), requiring no user interaction (UI:N) and no privileges (PR:N), making it relatively easy to exploit by any user with access to the system. The impact affects integrity and availability, as attackers can modify or corrupt data, potentially disrupting the normal operation of the Cognex In-Sight 2000 series devices. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that remediation may still be pending or in progress. The vulnerability is particularly relevant for environments where multiple users have access to the same Windows system running this software, increasing the risk of insider threats or unauthorized local access leading to data corruption.

Detailed information about CVE-2025-53947: CWE-276 in Cognex In-Sight 2000 series affecting Cognex In-Sight 2000 series. Get real-time updates, technical detail

CVE-2025-53947: CWE-276 in Cognex In-Sight 2000 series - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-53947: CWE-276 in Cognex In-Sight 2000 series

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.

Detailed information about CVE-2025-59220: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in Microsoft Win