SB2025040903 - Multiple vulnerabilities in Microsoft Windows Hello

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025040903

SB2025040903 - Multiple vulnerabilities in Microsoft Windows Hello

Published: April 9, 2025

Security Bulletin ID SB2025040903
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper Authentication (CVE-ID: CVE-2025-26635)

The vulnerability allows a remote user to bypass authentication process.

The vulnerability exists due to an error when processing authentication requests in Windows Hello. A remote administrator can bypass the Windows Hello security feature.


2) Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism (CVE-ID: CVE-2025-26644)

The vulnerability allows a local attacker to perform spoofing attack.

The vulnerability exists due to automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello. A local attacker can spoof page content.


Remediation

Install update from vendor's website.

References