#VU109250 Use of hard-coded credentials in Microsoft products - CVE-2025-27488
Published: May 16, 2025
Vulnerability identifier: #VU109250
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-27488
CWE-ID: CWE-798
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Hardware Lab Kit (HLK) for Windows Version 1809
Hardware Lab Kit (HLK) for Windows 10
Hardware Lab Kit (HLK) for Windows 11
Hardware Lab Kit (HLK) for Windows Server 2019
Hardware Lab Kit (HLK) for Windows Server 2022
Hardware Lab Kit (HLK) for Windows Server 2025
Hardware Lab Kit (HLK) for Windows Version 1809
Hardware Lab Kit (HLK) for Windows 10
Hardware Lab Kit (HLK) for Windows 11
Hardware Lab Kit (HLK) for Windows Server 2019
Hardware Lab Kit (HLK) for Windows Server 2022
Hardware Lab Kit (HLK) for Windows Server 2025
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to presence of hard-coded credentials in application code. A local user can execute arbitrary code with elevated privileges.
Remediation
Install updates from vendor's website.