CVE-2025-63945

A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/alexlee820/CVE-2025-63945-Tencent-iOA-EoP	Exploit Third Party Advisory
https://github.com/alexlee820/Tencent-iOA-EoP	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:tencent:ioa:*:*:*:*:*:windows:*:*

History

26 Feb 2026, 16:31

Type	Values Removed	Values Added
CPE		cpe:2.3:a:tencent:ioa::::::windows::*
Summary		(es) Una vulnerabilidad de escalada de privilegios (PE) en la aplicación Tencent iOA hasta la versión 210.9.28693.621001 en dispositivos Windows permite a un usuario local ejecutar programas con grandes privilegios. Sin embargo, la ejecución requiere que el usuario local sea capaz de explotar con éxito una condición de carrera.
First Time		Tencent ioa Tencent
References	~~() https://github.com/alexlee820/CVE-2025-63945-Tencent-iOA-EoP -~~	() https://github.com/alexlee820/CVE-2025-63945-Tencent-iOA-EoP - Exploit, Third Party Advisory
References	~~() https://github.com/alexlee820/Tencent-iOA-EoP -~~	() https://github.com/alexlee820/Tencent-iOA-EoP - Broken Link

23 Feb 2026, 20:28

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-23 20:28

Updated : 2026-02-26 16:31

NVD link : CVE-2025-63945

Mitre link : CVE-2025-63945

CVE.ORG link : CVE-2025-63945

JSON object : View

Products Affected

tencent

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

7.4 /10