6.5

CVE-2025-26635

Windows Hello Security Feature Bypass Vulnerability

Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 10 1809 HwPlatformx64 Version < 10.0.17763.7136
MicrosoftWindows 10 1809 HwPlatformx86 Version < 10.0.17763.7136
MicrosoftWindows 10 21h2 Version < 10.0.19044.5737
MicrosoftWindows 10 22h2 Version < 10.0.19045.5737
MicrosoftWindows 11 22h2 HwPlatformarm64 Version < 10.0.22621.5189
MicrosoftWindows 11 22h2 HwPlatformx64 Version < 10.0.22621.5189
MicrosoftWindows 11 23h2 HwPlatformarm64 Version < 10.0.22631.5189
MicrosoftWindows 11 23h2 HwPlatformx64 Version < 10.0.22631.5189
MicrosoftWindows Server 2019 Version < 10.0.17763.7136
MicrosoftWindows Server 2022 Version < 10.0.20348.3453
MicrosoftWindows Server 2022 23h2 HwPlatformx64 Version < 10.0.25398.1551
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.41% 0.694
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 6.5 1.2 5.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CWE-1390 Weak Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26635
Vendor Advisory