6.5
CVE-2025-26635
- EPSS 1.41%
- Veröffentlicht 08.04.2025 17:23:44
- Zuletzt bearbeitet 03.07.2025 13:00:05
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Windows Hello Security Feature Bypass Vulnerability
Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 1809 HwPlatformx64 Version < 10.0.17763.7136
Microsoft ≫ Windows 10 1809 HwPlatformx86 Version < 10.0.17763.7136
Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.5737
Microsoft ≫ Windows 10 22h2 Version < 10.0.19045.5737
Microsoft ≫ Windows 11 22h2 HwPlatformarm64 Version < 10.0.22621.5189
Microsoft ≫ Windows 11 22h2 HwPlatformx64 Version < 10.0.22621.5189
Microsoft ≫ Windows 11 23h2 HwPlatformarm64 Version < 10.0.22631.5189
Microsoft ≫ Windows 11 23h2 HwPlatformx64 Version < 10.0.22631.5189
Microsoft ≫ Windows Server 2019 Version < 10.0.17763.7136
Microsoft ≫ Windows Server 2022 Version < 10.0.20348.3453
Microsoft ≫ Windows Server 2022 23h2 HwPlatformx64 Version < 10.0.25398.1551
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.41% | 0.694 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secure@microsoft.com | 6.5 | 1.2 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
|
CWE-1390 Weak Authentication
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26635