# CVE-2025-62215 Exploit PoC

This PoC demonstrates a race condition in the Windows kernel leading to a double-free vulnerability, allowing local privilege escalation to SYSTEM. The exploit uses multithreaded handle manipulation and heap spraying to trigger the flaw under controlled conditions.
Original code credit: https://github.com/dexterm300
## 🧨 Description
This repository contains a proof-of-concept exploit for **CVE-2025-62215**, a **race condition** vulnerability in the Windows kernel that can be triggered via concurrent manipulation of kernel object handles. Under specific conditions, this results in a **double-free**, which can be exploited for **local privilege escalation** to **SYSTEM**.
The exploit works by:
- Creating multiple threads that rapidly open and close kernel object handles
- Exploiting a timing window to trigger double-free conditions
- Using heap spraying to manipulate memory layout
- Detecting elevated privileges using a monitor thread
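The bug class behind the steps above (two releases racing on one reference count so that both observe it hit zero) is easier to reason about in user mode. The following is an added example written for this page, not code from the repository: it models the timing window with a scripted interleaving on a plain `int`, shows why an atomic read-modify-write closes it, and then stresses the fixed path with real threads. The `Object` struct and its `refs`/`arefs` fields are hypothetical; the real kernel object, the handle APIs and the actual CVE-2025-62215 trigger are not modelled.

```cpp
// Added example, not code from the repository: a user-mode model of a
// reference-count race that ends in a double free. Kernel objects, handle
// APIs and the real CVE-2025-62215 trigger are deliberately not modelled.
#include <atomic>
#include <cstdio>
#include <thread>
#include <vector>

struct Object {                 // hypothetical stand-in for a kernel object
    int refs;                   // plain int: a decrement is load, sub, store
    std::atomic<int> arefs;     // atomic counterpart used by the fixed path
    std::atomic<int> frees;     // times "free" ran; 2 means a double free
    explicit Object(int n) : refs(n), arefs(n), frees(0) {}
};

// Two closers race on a single-reference object. The interleaving is scripted
// rather than scheduled by the OS so the outcome is deterministic: B loads the
// count after A loaded it but before A stored, so both see it reach zero.
// Returns the number of frees.
int unsynchronized_close_race() {
    Object obj(1);
    int a_seen = obj.refs;              // A: load, sees 1
    int b_seen = obj.refs;              // B: load inside A's window, also sees 1
    obj.refs = a_seen - 1;              // A: store 0 ...
    if (obj.refs == 0) obj.frees++;     // ... and free
    obj.refs = b_seen - 1;              // B: store 0 from its stale copy ...
    if (obj.refs == 0) obj.frees++;     // ... and free again: double free
    return obj.frees;
}

// Same two closers, but the decrement is one indivisible step. Each closer
// gets the value the counter held before its own decrement, so exactly one
// observes 1 and frees; the other observes 0, an over-close that a real
// implementation should treat as a bug, never as a reason to free.
int atomic_close_race() {
    Object obj(1);
    int a_prev = obj.arefs.fetch_sub(1);
    int b_prev = obj.arefs.fetch_sub(1);
    if (a_prev == 1) obj.frees++;
    if (b_prev == 1) obj.frees++;
    return obj.frees;
}

// Stress the atomic path with real threads: nthreads references and nthreads
// concurrent closes per round. Returns the total number of frees over all
// rounds, which must equal `rounds` (exactly one free per object).
int atomic_close_stress(int nthreads, int rounds) {
    int total = 0;
    for (int r = 0; r < rounds; ++r) {
        Object obj(nthreads);
        std::vector<std::thread> closers;
        for (int i = 0; i < nthreads; ++i)
            closers.emplace_back([&obj] {
                if (obj.arefs.fetch_sub(1) == 1) obj.frees++;
            });
        for (auto& t : closers) t.join();
        total += obj.frees.load();
    }
    return total;
}

int main() {
    std::printf("unsynchronized close race: %d free(s)\n", unsynchronized_close_race());
    std::printf("atomic close race:         %d free(s)\n", atomic_close_race());
    std::printf("atomic stress (8 x 100):   %d free(s)\n", atomic_close_stress(8, 100));
    return 0;
}
```

The scripted interleaving is the whole story of the "timing window" the README refers to: the PoC's rapid open/close threads exist only to make the OS scheduler land one closer inside another closer's load-to-store gap, which in a kernel means the object memory is returned to the pool twice. The heap spray step then tries to have the second free (or the subsequent reuse) land on attacker-shaped memory.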
---
## ⚠️ Disclaimer
This code is provided **for educational and authorized security testing purposes only**. Running this on production systems or without explicit permission is **strictly prohibited**.
---
## 🛠️ Features
- Multithreaded race condition trigger
- Heap spray for layout control
- Privilege check using access token elevation
- Test mode for safer execution
- Thread-safe logging and graceful shutdown
- Minimal dependencies; builds cleanly with `cl.exe` (MSVC)
---
## 🧪 Requirements
- Windows 10/11 (x64)
- MSVC (`cl.exe`) compiler with Debug CRT (`/MDd`)
- Administrator rights for full privilege escalation. Note that a SYSTEM token obtained from an already-elevated process does not by itself demonstrate a privilege boundary crossing; to validate the escalation, also launch the PoC from an unprivileged, medium-integrity session and compare the result.
- `ntdll.dll` for direct syscall bindings
---
## 🛠️ Build Instructions
### 🪟 Visual Studio (Recommended)
1. Open in Visual Studio
2. Set configuration to `Debug x64`
3. Build and run with elevated privileges
### 🔧 Command Line (PowerShell or Developer CMD)
If `cl.exe` is not on `PATH`, install the C++ build tools: https://visualstudio.microsoft.com/visual-cpp-build-tools/

Open a Developer Command Prompt, or initialise the environment with `VsDevCmd.bat`. Note that invoking the batch file with `&` from PowerShell runs it in a child `cmd.exe`, so the variables it sets do not persist in the PowerShell session; from PowerShell use the "Developer PowerShell for VS 2022" shortcut instead, or run the batch file and the compiler from `cmd.exe` as shown here:

```bat
"C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\Common7\Tools\VsDevCmd.bat"
cl.exe poc.cpp /Od /ZI /RTC1 /MDd /link /OUT:unicorn.exe
```

Expected output from a successful run:

```text
[*] Starting CVE-2025-62215 exploitation...
[*] Performing heap spray...
[+] Allocated 100 heap chunks
[*] Spawning 8 threads to trigger race condition...
[*] Waiting for race condition...
[+] SUCCESS: Privilege escalation detected!
[+] EXPLOITATION SUCCESSFUL!
[+] Privileges escalated to SYSTEM
```
---
## 📁 Repository Layout

```text
.
├── [1.0K] LICENSE
├── [7.0K] poc2.cpp
├── [ 11K] poc.cpp
├── [2.1K] README.md
└── [4.2K] testLocal.cpp
```