CVE-2025-62215: Microsoft Patches Windows Kernel Zero-Day Vulnerability Under Active Exploitation

Microsoft released fixes in November 2025 for CVE-2025-62215, a Windows Kernel race-condition privilege escalation (double-free) with a CVSS of 7.0 that is reported to be exploited in the wild; the flaw enables low-privileged local attackers or post-compromise actors to escalate to higher privileges, and affects all supported Windows editions including Windows 10 ESU, so immediate patching and layered defenses are recommended.