CVE-2025-55228
win32k.sys — race condition in GRFX component allows remote code execution
Summary
| Field | Value |
|---|---|
| Driver | win32k.sys (Win32K - GRFX) |
| Vulnerability Class | Race Condition |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | September 9, 2025 |
Root Cause
A race condition in the Win32K GRFX component allows concurrent graphical operations to corrupt internal state. The corruption can lead to code execution in the context of a privileged process.
Exploitation
The attacker triggers the race through concurrent graphical rendering operations. The resulting memory corruption provides a code execution primitive.
Exploitation Primitive
Concurrent GRFX operations → race condition
→ memory corruption → code execution