AI description
Automated description summarized from trusted sources.
CVE-2025-26644 is a vulnerability affecting Windows Hello, a biometric authentication system. It stems from inadequate detection or handling of adversarial input perturbations in the automated recognition mechanism. An attacker can exploit this vulnerability to perform local spoofing attacks, potentially bypassing Windows Hello authentication. This could lead to unauthorized access to systems and compromise the integrity of the biometric authentication process. A patch is available from Microsoft, released on April 8, 2025.
- Description: Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally.
- Source: secure@microsoft.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 5.1
- Impact score: 3.6
- Exploitability score: 1.4
- Vector string: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity: MEDIUM
- secure@microsoft.com: CWE-1039
- Hype score: Not currently trending