CVE-2025-59200: 
vulnerability analysis and mitigation

A race condition vulnerability (CVE-2025-59200) was discovered in the Data Sharing Service Client component affecting multiple versions of Microsoft Windows. The vulnerability was disclosed on October 14, 2025, affecting various Windows versions including Windows 10, Windows 11, and Windows Server editions. This security flaw allows an unauthorized attacker to perform spoofing attacks through improper synchronization of shared resources (NVD).

The vulnerability is classified as a concurrent execution issue using shared resource with improper synchronization (race condition) in the Data Sharing Service Client. It has been assigned a CVSS v3.1 base score of 7.7 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L. The vulnerability is associated with CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization) and CWE-73 (External Control of File Name or Path) (NVD).

If exploited, this vulnerability allows an unauthorized attacker to perform spoofing attacks locally. The CVSS scoring indicates high impact on integrity, low impact on confidentiality, and low impact on availability. The attack requires user interaction but no privileges, and while the attack vector is local, the scope is changed, indicating potential broader system impact (NVD).

Microsoft has released security updates to address this vulnerability across affected Windows versions. Users should update to the following versions: Windows 10 (versions 1507, 1607, 1809) to their respective latest security updates, Windows 11 (versions 22H2, 23H2, 24H2, 25H2) to their latest security updates, and Windows Server (2016, 2019, 2022, 2025) to their respective latest security updates (Microsoft).