CVE-2025-10263
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-
CVSS
9.1
Critical
EPSS
0.5%
p41
KEV
—
Exploit Today
12
0-100
Published: Jun 9, 2026 · Last modified: Jul 15, 2026 · CWE-362 · CWE-266
0.5%EPSS · 30 days0.5%
2026-06-302026-07-16
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.
- developer.arm.comhttps://developer.arm.com/documentation/112137
- www.openwall.comhttp://www.openwall.com/lists/oss-security/2026/06/09/13
- xenbits.xen.orghttp://xenbits.xen.org/xsa/advisory-493.html
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:34911
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36018
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36348
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36349
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2025-10263
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2486958
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10263.json
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2022-250908.1 HIG95.4%
——29Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.8dCVE-2026-506677.8 HIG80.1%
——24Concurrent execution using shared resource with improper synchronization ('race condition') in Windows NTFS allows an authorized attacker to elevate privileges locally.21hCVE-2026-59477.5 HIG69.1%
——21Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.2dCVE-2026-561889.8 CRI58.8%
——18Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network.2dCVE-2026-503698.8 HIG47.1%
——14Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges over a network.2dCVE-2026-566495.9 MED46.6%
——14Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.2d