CVE-2025-61303CRITICAL 9.8EPSS p33.1%

CVE-2025-61303CVE-2025-61303

Description

Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021(2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis. The vulnerability is triggered when a sample recursively spawns a large number of child processes, generating high log volume and exhausting system resources. As a result, key malicious behavior, including PowerShell execution and reverse shell activity, may not be recorded or reported, misleading analysts and compromising the integrity and availability of sandboxed analysis results.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.41% probability of exploitation · percentile 33.1% · 2026-06-18T12:00:27Z
Published2025-10-20
Last modified2026-04-15

Underlying weaknesses· 1

CWE-400

References

  1. https://github.com/eGkritsis/CVE-2025-61303

1

TypeTargetConfidenceTier
WeaknessUncontrolled Resource Consumptioncwe-4000%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Microsoft Windows Race Condition Vulnerability
CVE
CVE-2025-21303
CVE
CVE-2026-42910
CVE
CVE-2025-21305
CVE
CVE-2025-33067
CVE
CVE-2025-21205
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.