H-ISAC TLP White Vulnerability Bulletins: An Elevation of Privilege Zero-Day Vulnerability in Microsoft's Windows Kernel

H-ISAC TLP White Vulnerability Bulletins: An Elevation of Privilege Zero-Day Vulnerability in Microsoft's Windows Kernel (CVE-2025-62215) 

On November 11, 2025, Microsoft publicly disclosed a high-severity Elevation of Privilege (EoP) zero-day vulnerability found in the Windows Kernel, tracked as CVE-2025-62215 (CVSS Score: 7.0). Microsoft also released a patch for the vulnerability on the same date.

Microsoft has not disclosed any information regarding the attacks that exploit the vulnerability, although it has confirmed that this flaw is actively being exploited in the wild.

Health-ISAC is sharing this information to increase situational awareness and encourage organizations to assess their risk level associated with this vulnerability.

View the detailed report below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Special Bulletin
Senate Deal Reached to End Government Shutdown
Member
Guides/Reports
Strategies for Cyber Preparedness in Health Care
Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
Public
Issue Landing Page
Cybersecurity and Risk Advisory Service
Issue Landing Page
Support for Your Cybersecurity Program
Guides/Reports
Cybersecurity and Risk Advisory Services