CVE Alert: CVE-2025-54105 – Microsoft – Windows Server 2025 (Server Core installation)

CVE-2025-54105

HIGH | No exploitation known

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

CVSS v3.1 base score 7.0 (High); temporal score 6.1 once the E:U/RL:O/RC:C modifiers in the vector below are applied
Vendor
Microsoft
Product (affected versions)
Windows Server 2025 (Server Core installation): 10.0.26100.0 up to, but not including, 10.0.26100.6584
Windows Server 2022, 23H2 Edition (Server Core installation): 10.0.25398.0 up to, but not including, 10.0.25398.1849
Windows 11 Version 24H2: 10.0.26100.0 up to, but not including, 10.0.26100.6584
Windows Server 2025: 10.0.26100.0 up to, but not including, 10.0.26100.6584
CWE
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Published
2025-09-09T17:01:21.775Z
Updated
2025-09-10T03:55:40.194Z

AI Summary Analysis

Risk verdict

HIGH. The vector (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) describes a local, low-privilege elevation of privilege with full confidentiality, integrity and availability impact on the affected host; the high attack complexity reflects the need to win a race window. No exploitation is known and the exploit maturity is marked unproven (E:U), with an official fix available (RL:O).

Why this matters

A race condition in the Brokering File System lets an attacker who already runs code as a low-privileged local user elevate privileges on the same machine. Bugs of this class are the usual second stage after an initial foothold (a phished user, a compromised service account, a tenant of a shared host), turning a limited account into control of the system.

Most likely attack path

An attacker with local code execution as an ordinary user (PR:L, AV:L) repeatedly triggers the brokered file-system operation while racing a concurrent access to the shared resource until the unsynchronised window is hit, at which point the attacker's code runs with elevated privileges. No user interaction is required (UI:N) and the scope is unchanged (S:U), so the gain is confined to the compromised host.

Who is most exposed

Hosts on the listed build families below the fixed build: Windows 11 Version 24H2, Windows Server 2025 and its Server Core installation before 10.0.26100.6584, and Windows Server 2022, 23H2 Edition (Server Core) before 10.0.25398.1849. Within that set, multi-user and shared-execution systems (terminal servers, build and CI runners, developer workstations, hosts that run untrusted third-party code) are the most exposed, since those are the places where a low-privileged attacker can already run code locally.

Detection ideas

  • Unexpected privilege elevation: a child process running as SYSTEM or at high integrity whose parent runs under a standard user, with no matching logon (Security 4624) or UAC elevation event.
  • A spike in crashes, bugchecks or error events involving the Brokering File System; failed attempts to win a race window tend to crash the racing process or the component before one succeeds.
  • Process creations or privilege assignments (Security 4688, 4672, 4673) for an account without a corresponding interactive or network logon for that account.
  • Bursts of local-origin activity, such as one low-privileged process rapidly opening, creating or closing the same brokered path, on hosts still below the fixed build.
  • Security and Sysmon logs showing impersonation or unusual handle duplication and inheritance around brokered file-system resources.

Mitigation and prioritisation

  • Apply the vendor fix through the next Windows cumulative update and verify it landed on every affected host: the installed build must be at or above 10.0.26100.6584 (Windows 11 24H2, Windows Server 2025 and its Server Core installation) or 10.0.25398.1849 (Windows Server 2022, 23H2 Edition, Server Core).
  • Enforce least privilege for local accounts, rotate the credentials of service accounts that can log on to these hosts, and use application control (for example AppLocker or WDAC) to limit which binaries a low-privileged user can run; the attacker must already execute code locally (AV:L, PR:L), so shrinking that population shrinks the exposure.
  • Limit who can run scripts or unapproved software on servers, and harden and segment Server Core deployments so that a compromised low-privilege account on one host is not a route to others.
  • Test the update in a staging environment before broad rollout; because the fix touches a file-system component, include a reboot and the workloads that exercise the affected subsystem in the test. Schedule during a maintenance window if feasible.
  • Raise to priority 1 if exploitation indicators emerge (CISA KEV listing or EPSS ≥ 0.5). The data on this page does not confirm KEV or EPSS status; the vector's E:U marks the exploit as unproven at publication.
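The first mitigation item above is the one most often left half-done: the update is approved but nobody checks that every host actually reached the fixed build. The following PowerShell is an added example, not part of this advisory or of any Microsoft tooling. The fixed build numbers come from the Versions field on this page; the scriptblock name, the output fields and the target host names are this example's own placeholders, and the fleet check assumes PowerShell remoting is enabled and that the caller is a local administrator on each target.

```powershell
# Added example (not from the advisory): report whether a host is below the
# first fixed build for CVE-2025-54105. Fixed build numbers come from the
# "Versions" field above; host names and $CheckBlock are placeholders.

# Build family (CurrentBuildNumber) -> first fixed UBR (update build revision)
$FixedUbr = @{
    '26100' = 6584   # Windows 11 24H2, Windows Server 2025 (incl. Server Core)
    '25398' = 1849   # Windows Server 2022, 23H2 Edition (Server Core)
}

# Runs on the target host. Reads the installed build and update revision from
# the registry (CurrentBuildNumber is a string, UBR is a DWORD) and compares
# the revision with the first fixed one for that build family.
$CheckBlock = {
    param([hashtable]$FixedUbr)

    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR

    if ($FixedUbr.ContainsKey($build)) {
        $needed = [int]$FixedUbr[$build]
        $status = if ($ubr -ge $needed) { 'Patched' } else { 'Vulnerable' }
        $detail = "fixed from 10.0.$build.$needed"
    } else {
        # Build family not listed in the advisory (e.g. Windows 10, Server 2019):
        # outside the scope of this CVE entry, which is not the same as safe.
        $status = 'NotListed'
        $detail = 'build family not in the advisory'
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        InstallationType = $cv.InstallationType   # 'Server Core', 'Server' or 'Client'
        Build            = "10.0.$build.$ubr"
        Status           = $status
        Detail           = $detail
    }
}

# Check the local host
& $CheckBlock $FixedUbr

# Fleet check over WinRM. Host names are placeholders; replace with your
# inventory of 24H2 / Server 2025 / Server 2022 23H2 machines.
$Targets = @('srv-core-01', 'srv-2025-02', 'ws-24h2-03')
Invoke-Command -ComputerName $Targets -ScriptBlock $CheckBlock -ArgumentList $FixedUbr |
    Sort-Object Status |
    Format-Table ComputerName, InstallationType, Build, Status, Detail -AutoSize
```

The comparison is on the update build revision only, which is exactly what the Versions field on this page expresses, so a host reporting Patched is at or beyond the cumulative update that carries the fix and one reporting Vulnerable still needs it. A NotListed result means the host is on a build family this advisory does not cover and should be checked against its own advisory rather than treated as clean. The registry read works the same on Server Core, where PowerShell is available even though most of the GUI tooling is not.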
