CVE-2025-63946
Published: 23 February 2026
Summary
CVE-2025-63946 is a high-severity Link Following (CWE-59) vulnerability in Tencent Pcmanager. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 10.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct local privilege escalation via race condition in Windows application, enabling arbitrary code execution with elevated rights.
NVD Description
A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.
Deeper analysis
CVE-2025-63946 is a privilege escalation vulnerability (CWE-59) affecting the Tencent PC Manager application through version 17.10.28554.205 on Windows devices. The flaw enables a local user to execute arbitrary programs with elevated privileges by exploiting a race condition in the application.
A local attacker requiring no privileges (PR:N) can exploit the vulnerability, though attack complexity is high (AC:H) because the race condition must be triggered successfully. No user interaction is required (UI:N). The attack vector is local (AV:L) and scope is unchanged (S:U), with high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The CVSS v3.1 base score is 7.4.
Proof-of-concept exploit code and details are available in GitHub repositories at https://github.com/alexlee820/CVE-2025-63946-Tencent-PC-Manager-EoP/blob/main/README.md and https://github.com/alexlee820/Tencent-PC-Manager-EoP.
Details
- CWE(s)