cvelistv5 - cve-2025-21194

CVE-2025-21194 (GCVE-0-2025-21194)

Vulnerability from cvelistv5

Published

2025-02-11 17:58

Modified

2025-03-12 01:42

Severity ?

7.1 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-20 - Improper Input Validation

Summary

Microsoft Surface Security Feature Bypass Vulnerability

References

URL

Tags

secure@microsoft.com

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21194

Vendor Advisory

Impacted products

Vendor

Product

Version

Microsoft

Surface Laptop 4 with Intel Processor

Version: N/A

Microsoft	Microsoft Surface Laptop Go	Version: N/A
Microsoft	Microsoft Surface Go	Version: N/A
Microsoft	Microsoft Surface Laptop Go 3	Version: N/A
Microsoft	Surface Laptop 4 with AMD Processor	Version: N/A
Microsoft	Microsoft Surface Pro	Version: N/A
Microsoft	Microsoft Surface Hub	Version: N/A
Microsoft	Surface Laptop 3 with Intel Processor	Version: N/A
Microsoft	Microsoft Surface Pro 8	Version: N/A
Microsoft	Surface Windows Dev Kit	Version: N/A
Microsoft	Microsoft Surface Pro 9 ARM	Version: N/A

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21194",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T19:16:42.644260Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T19:28:13.429Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Surface Laptop 4 with Intel Processor",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Surface Laptop Go",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Surface Go",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Surface Laptop Go 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Surface Laptop 4 with AMD Processor",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Surface Pro",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Surface Hub",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Surface Laptop 3 with Intel Processor",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Surface Pro 8",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Surface Windows Dev Kit",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Surface Pro 9 ARM",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:h:microsoft:surface_laptop_4_intel_processor:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "N/A",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:h:microsoft:surface_laptop_go_2:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "N/A",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:h:microsoft:surface_go_3:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "N/A",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:h:microsoft:surface_laptop_go_3:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "N/A",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:h:microsoft:surface_laptop_4_AMD_processor:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "N/A",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:h:microsoft:surface_pro_7:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "N/A",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:h:microsoft:surface_hub_2S:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "N/A",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:h:microsoft:surface_laptop_3_intel_processor:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "N/A",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:h:microsoft:surface_go_2:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "N/A",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:h:microsoft:surface_pro_8:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "N/A",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:h:microsoft:surface_windows_dev_kit:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "N/A",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:h:microsoft:surface_pro_9_ARM:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "N/A",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Surface Security Feature Bypass Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T01:42:24.382Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Surface Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21194"
        }
      ],
      "title": "Microsoft Surface Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-21194",
    "datePublished": "2025-02-11T17:58:25.882Z",
    "dateReserved": "2024-12-05T21:43:30.766Z",
    "dateUpdated": "2025-03-12T01:42:24.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-21194\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2025-02-11T18:15:30.820\",\"lastModified\":\"2025-07-08T14:14:50.187\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Surface Security Feature Bypass Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de omisi\u00f3n de funciones de seguridad de Microsoft Surface\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_hub_2s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0373B077-9CDC-4D56-9180-53DD54D6C3D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_hub_2s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5126D18E-4EFC-43CF-8243-895034C8FADC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_pro_8_for_business_1983_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17896CFB-0B7D-456A-8A82-A971C3B5F072\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_pro_8_for_business_1983:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FBD2702-436C-4EB6-8F7F-4D65DFC9CCFA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_laptop_go_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4FD9969-A47F-4F34-8775-07107C4B0557\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_laptop_go:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4751A72E-1E1A-455D-A179-F9936A9F87FA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_laptop_go_2_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC33B563-7807-4AB3-8887-D228B1F60437\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_laptop_go_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E160CD9-BE19-4900-81E4-61BC6050215B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_hub_3_50_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EECA9AFD-5144-4B18-B4EF-DF1541FC9564\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_hub_3_50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F56EC8E-E144-4D8F-B224-A7E6FA659437\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_hub_2s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0373B077-9CDC-4D56-9180-53DD54D6C3D8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_hub_2s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5126D18E-4EFC-43CF-8243-895034C8FADC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_pro_7\\\\+_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9A5CB11-7AE2-47C0-A029-998B9C98E12E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_pro_7\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D80D94B4-E68D-4DFF-A5AA-D6E183AC7579\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_laptop_go_3_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0D8F8A2-837E-452B-8AD2-BA2A511D5C18\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_laptop_go_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AD4AE51-45EE-43E8-ABC2-72E365354022\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_go_3_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCE166FE-D173-4E62-8AA0-C80C0E4D8820\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_go_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDAC37E4-8768-4207-A8B8-6D68D52AABF9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_laptop_go_2_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC33B563-7807-4AB3-8887-D228B1F60437\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_laptop_go_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E160CD9-BE19-4900-81E4-61BC6050215B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_pro_9_with_5g_1997_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CD49D37-90B1-4C07-83D6-80A3B60BFD93\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_pro_9_with_5g_1997:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"384F730B-E216-4C4E-A95A-15D1F84613CC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_pro_9_with_5g_1996_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23755029-6C52-4F4B-A4E0-C2CC810BAD2E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_pro_9_with_5g_1996:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48465AD2-8B10-4185-8C1D-265E835584C4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_laptop_3_1867_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5805C772-1C4A-4A48-9394-00DBDAD7DEB6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_laptop_3_1867:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7392E4DC-D40E-4F78-A086-F77C8AA9B452\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_laptop_3_1872_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57C48B0F-2062-43DB-BAFD-C0C847DE1102\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_laptop_3_1872:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E22D67D-CEE6-4F23-9B7D-25B5717F1817\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_laptop_4_1958_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DB5B208-C22B-4A1D-832C-29B693F35586\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_laptop_4_1958:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CD2054E-1098-4BEA-BA95-8430BF28192E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_laptop_4_1950_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AA3D6B9-DD55-4CBD-A1E5-0737E3538A09\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_laptop_4_1950:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6C3A0E0-6485-411B-BC31-1A8A275CB034\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_laptop_4_1952_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB6C780C-DDCE-447D-978C-57115EBBF4B9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_laptop_4_1952:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6110417B-F51F-42B3-95F9-AD7D6398FED3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_laptop_4_1978_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF2D920B-D1C3-4F79-AC91-14C3C61D7A0C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_laptop_4_1978:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82E9E481-0326-4229-A8A7-84DE0D095425\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_dev_kit_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FDBEB11-868E-4176-9DA4-F0C9CEEA7CC2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:windows_dev_kit:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85AD5792-45EA-48DD-8706-85841DDFB12F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_hub_2s_85_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF8F1CF9-94CF-4634-9851-65CF1C67A6AC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_hub_2s_85:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6D8102C-03E0-49E9-BA39-0F72E30C6304\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_hub_3_50_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EECA9AFD-5144-4B18-B4EF-DF1541FC9564\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_hub_3_50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F56EC8E-E144-4D8F-B224-A7E6FA659437\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_hub_3_85_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A3A16E8-2056-4650-BE5C-30B84E2AB848\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_hub_3_85:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14066FEE-0F3B-4271-BC68-80ECD53DA4DC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_pro_8_1983_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E94C16E-94D9-4273-B8C8-BC57762F8367\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_pro_8_1983:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A187D45-BB47-4667-ADFE-8B9E823F221B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_pro_8_for_business_with_lte_advanced_1982_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2C9AC0B-1A29-4D57-A26D-AE7B8120EB19\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_pro_8_for_business_with_lte_advanced_1982:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"262D30D4-449E-47BB-9678-9F371B28DCF5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_hub_3_85_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A3A16E8-2056-4650-BE5C-30B84E2AB848\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_hub_3_85:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14066FEE-0F3B-4271-BC68-80ECD53DA4DC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_hub_2s_85_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF8F1CF9-94CF-4634-9851-65CF1C67A6AC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_hub_2s_85:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6D8102C-03E0-49E9-BA39-0F72E30C6304\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_go_3_1926_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CF69EC7-C430-48EA-8E4F-3C392D1AFCA3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_go_3_1926:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8EA8E7D-17E8-4E7A-B4A4-A208DC329FDB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_go_3_1901_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CB6A413-CB85-4A53-B851-20CD13B93688\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_go_3_1901:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD1750C1-2FDE-4A84-81D8-F57DE7E24974\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_go_3_2022_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"222EC78A-597B-4D14-BE1F-82102C0BB0B4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_go_3_2022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21C3A91A-3394-45DE-8932-5431EE8BFC99\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_go_2_1926_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA077CA3-7A69-4226-AAD8-2BC199961704\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_go_2_1926:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80BE3894-3006-48E4-8DE9-9B059A05DCC4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_go_2_1901_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CEF91B1-F29A-4F81-BAC9-6B93BBC5D749\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_go_2_1901:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F33EDF2-9058-4329-BBF6-2FCE80433F5B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:surface_go_2_1927_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1549BEF0-C1C6-4D1A-9662-1FB6672DBF69\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:microsoft:surface_go_2_1927:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32B48180-38CB-4C0E-BAF0-B99ACE575CFC\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21194\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-21194\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-11T19:16:42.644260Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-11T19:16:44.362Z\"}}], \"cna\": {\"title\": \"Microsoft Surface Security Feature Bypass Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Surface Laptop 4 with Intel Processor\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Surface Laptop Go\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Surface Go\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Surface Laptop Go 3\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Surface Laptop 4 with AMD Processor\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Surface Pro\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Surface Hub\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Surface Laptop 3 with Intel Processor\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Surface Pro 8\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Surface Windows Dev Kit\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Surface Pro 9 ARM\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}], \"platforms\": [\"Unknown\"]}], \"datePublic\": \"2025-02-11T08:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21194\", \"name\": \"Microsoft Surface Security Feature Bypass Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Microsoft Surface Security Feature Bypass Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:h:microsoft:surface_laptop_4_intel_processor:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"N/A\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_laptop_go_2:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"N/A\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_go_3:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"N/A\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_laptop_go_3:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"N/A\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_laptop_4_AMD_processor:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"N/A\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_pro_7:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"N/A\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_hub_2S:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"N/A\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_laptop_3_intel_processor:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"N/A\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_go_2:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"N/A\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_pro_8:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"N/A\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_windows_dev_kit:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"N/A\"}, {\"criteria\": \"cpe:2.3:h:microsoft:surface_pro_9_ARM:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"N/A\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-03-12T01:42:24.382Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-21194\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-12T01:42:24.382Z\", \"dateReserved\": \"2024-12-05T21:43:30.766Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2025-02-11T17:58:25.882Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2025-21194

Vulnerability from fkie_nvd

Published

2025-02-11 18:15

Modified

2025-07-08 14:14

Severity ?

7.1 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Microsoft Surface Security Feature Bypass Vulnerability

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21194	Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	surface_hub_2s_firmware	-
microsoft	surface_hub_2s	-
microsoft	surface_pro_8_for_business_1983_firmware	-
microsoft	surface_pro_8_for_business_1983	-
microsoft	surface_laptop_go_firmware	-
microsoft	surface_laptop_go	-
microsoft	surface_laptop_go_2_firmware	-
microsoft	surface_laptop_go_2	-
microsoft	surface_hub_3_50_firmware	-
microsoft	surface_hub_3_50	-
microsoft	surface_hub_2s_firmware	-
microsoft	surface_hub_2s	-
microsoft	surface_pro_7\+_firmware	-
microsoft	surface_pro_7\+	-
microsoft	surface_laptop_go_3_firmware	-
microsoft	surface_laptop_go_3	-
microsoft	surface_go_3_firmware	-
microsoft	surface_go_3	-
microsoft	surface_laptop_go_2_firmware	-
microsoft	surface_laptop_go_2	-
microsoft	surface_pro_9_with_5g_1997_firmware	-
microsoft	surface_pro_9_with_5g_1997	-
microsoft	surface_pro_9_with_5g_1996_firmware	-
microsoft	surface_pro_9_with_5g_1996	-
microsoft	surface_laptop_3_1867_firmware	-
microsoft	surface_laptop_3_1867	-
microsoft	surface_laptop_3_1872_firmware	-
microsoft	surface_laptop_3_1872	-
microsoft	surface_laptop_4_1958_firmware	-
microsoft	surface_laptop_4_1958	-
microsoft	surface_laptop_4_1950_firmware	-
microsoft	surface_laptop_4_1950	-
microsoft	surface_laptop_4_1952_firmware	-
microsoft	surface_laptop_4_1952	-
microsoft	surface_laptop_4_1978_firmware	-
microsoft	surface_laptop_4_1978	-
microsoft	windows_dev_kit_firmware	-
microsoft	windows_dev_kit	-
microsoft	surface_hub_2s_85_firmware	-
microsoft	surface_hub_2s_85	-
microsoft	surface_hub_3_50_firmware	-
microsoft	surface_hub_3_50	-
microsoft	surface_hub_3_85_firmware	-
microsoft	surface_hub_3_85	-
microsoft	surface_pro_8_1983_firmware	-
microsoft	surface_pro_8_1983	-
microsoft	surface_pro_8_for_business_with_lte_advanced_1982_firmware	-
microsoft	surface_pro_8_for_business_with_lte_advanced_1982	-
microsoft	surface_hub_3_85_firmware	-
microsoft	surface_hub_3_85	-
microsoft	surface_hub_2s_85_firmware	-
microsoft	surface_hub_2s_85	-
microsoft	surface_go_3_1926_firmware	-
microsoft	surface_go_3_1926	-
microsoft	surface_go_3_1901_firmware	-
microsoft	surface_go_3_1901	-
microsoft	surface_go_3_2022_firmware	-
microsoft	surface_go_3_2022	-
microsoft	surface_go_2_1926_firmware	-
microsoft	surface_go_2_1926	-
microsoft	surface_go_2_1901_firmware	-
microsoft	surface_go_2_1901	-
microsoft	surface_go_2_1927_firmware	-
microsoft	surface_go_2_1927	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_hub_2s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0373B077-9CDC-4D56-9180-53DD54D6C3D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_hub_2s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5126D18E-4EFC-43CF-8243-895034C8FADC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_pro_8_for_business_1983_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17896CFB-0B7D-456A-8A82-A971C3B5F072",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_pro_8_for_business_1983:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FBD2702-436C-4EB6-8F7F-4D65DFC9CCFA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_laptop_go_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4FD9969-A47F-4F34-8775-07107C4B0557",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_laptop_go:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4751A72E-1E1A-455D-A179-F9936A9F87FA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_laptop_go_2_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC33B563-7807-4AB3-8887-D228B1F60437",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_laptop_go_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E160CD9-BE19-4900-81E4-61BC6050215B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_hub_3_50_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EECA9AFD-5144-4B18-B4EF-DF1541FC9564",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_hub_3_50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F56EC8E-E144-4D8F-B224-A7E6FA659437",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_hub_2s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0373B077-9CDC-4D56-9180-53DD54D6C3D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_hub_2s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5126D18E-4EFC-43CF-8243-895034C8FADC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_pro_7\\+_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A5CB11-7AE2-47C0-A029-998B9C98E12E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_pro_7\\+:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80D94B4-E68D-4DFF-A5AA-D6E183AC7579",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_laptop_go_3_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0D8F8A2-837E-452B-8AD2-BA2A511D5C18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_laptop_go_3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD4AE51-45EE-43E8-ABC2-72E365354022",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_go_3_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE166FE-D173-4E62-8AA0-C80C0E4D8820",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_go_3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDAC37E4-8768-4207-A8B8-6D68D52AABF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_laptop_go_2_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC33B563-7807-4AB3-8887-D228B1F60437",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_laptop_go_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E160CD9-BE19-4900-81E4-61BC6050215B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_pro_9_with_5g_1997_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CD49D37-90B1-4C07-83D6-80A3B60BFD93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_pro_9_with_5g_1997:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "384F730B-E216-4C4E-A95A-15D1F84613CC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_pro_9_with_5g_1996_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23755029-6C52-4F4B-A4E0-C2CC810BAD2E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_pro_9_with_5g_1996:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48465AD2-8B10-4185-8C1D-265E835584C4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_laptop_3_1867_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5805C772-1C4A-4A48-9394-00DBDAD7DEB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_laptop_3_1867:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7392E4DC-D40E-4F78-A086-F77C8AA9B452",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_laptop_3_1872_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57C48B0F-2062-43DB-BAFD-C0C847DE1102",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_laptop_3_1872:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E22D67D-CEE6-4F23-9B7D-25B5717F1817",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_laptop_4_1958_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DB5B208-C22B-4A1D-832C-29B693F35586",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_laptop_4_1958:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CD2054E-1098-4BEA-BA95-8430BF28192E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_laptop_4_1950_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AA3D6B9-DD55-4CBD-A1E5-0737E3538A09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_laptop_4_1950:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C3A0E0-6485-411B-BC31-1A8A275CB034",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_laptop_4_1952_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6C780C-DDCE-447D-978C-57115EBBF4B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_laptop_4_1952:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6110417B-F51F-42B3-95F9-AD7D6398FED3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_laptop_4_1978_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2D920B-D1C3-4F79-AC91-14C3C61D7A0C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_laptop_4_1978:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E9E481-0326-4229-A8A7-84DE0D095425",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_dev_kit_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FDBEB11-868E-4176-9DA4-F0C9CEEA7CC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:windows_dev_kit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85AD5792-45EA-48DD-8706-85841DDFB12F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_hub_2s_85_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF8F1CF9-94CF-4634-9851-65CF1C67A6AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_hub_2s_85:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6D8102C-03E0-49E9-BA39-0F72E30C6304",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_hub_3_50_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EECA9AFD-5144-4B18-B4EF-DF1541FC9564",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_hub_3_50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F56EC8E-E144-4D8F-B224-A7E6FA659437",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_hub_3_85_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A3A16E8-2056-4650-BE5C-30B84E2AB848",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_hub_3_85:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "14066FEE-0F3B-4271-BC68-80ECD53DA4DC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_pro_8_1983_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E94C16E-94D9-4273-B8C8-BC57762F8367",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_pro_8_1983:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A187D45-BB47-4667-ADFE-8B9E823F221B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_pro_8_for_business_with_lte_advanced_1982_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C9AC0B-1A29-4D57-A26D-AE7B8120EB19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_pro_8_for_business_with_lte_advanced_1982:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "262D30D4-449E-47BB-9678-9F371B28DCF5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_hub_3_85_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A3A16E8-2056-4650-BE5C-30B84E2AB848",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_hub_3_85:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "14066FEE-0F3B-4271-BC68-80ECD53DA4DC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_hub_2s_85_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF8F1CF9-94CF-4634-9851-65CF1C67A6AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_hub_2s_85:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6D8102C-03E0-49E9-BA39-0F72E30C6304",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_go_3_1926_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CF69EC7-C430-48EA-8E4F-3C392D1AFCA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_go_3_1926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8EA8E7D-17E8-4E7A-B4A4-A208DC329FDB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_go_3_1901_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CB6A413-CB85-4A53-B851-20CD13B93688",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_go_3_1901:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1750C1-2FDE-4A84-81D8-F57DE7E24974",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_go_3_2022_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "222EC78A-597B-4D14-BE1F-82102C0BB0B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_go_3_2022:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21C3A91A-3394-45DE-8932-5431EE8BFC99",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_go_2_1926_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA077CA3-7A69-4226-AAD8-2BC199961704",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_go_2_1926:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80BE3894-3006-48E4-8DE9-9B059A05DCC4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_go_2_1901_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CEF91B1-F29A-4F81-BAC9-6B93BBC5D749",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_go_2_1901:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F33EDF2-9058-4329-BBF6-2FCE80433F5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:surface_go_2_1927_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1549BEF0-C1C6-4D1A-9662-1FB6672DBF69",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:surface_go_2_1927:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32B48180-38CB-4C0E-BAF0-B99ACE575CFC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Surface Security Feature Bypass Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de omisi\u00f3n de funciones de seguridad de Microsoft Surface"
    }
  ],
  "id": "CVE-2025-21194",
  "lastModified": "2025-07-08T14:14:50.187",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-11T18:15:30.820",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21194"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	Surface Laptop 4 with Intel Processor
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016 versions antérieures à 16.0.5487.1000
Microsoft	N/A	Microsoft Surface Laptop Go 3
Microsoft	N/A	Surface Laptop 3 with Intel Processor
Microsoft	N/A	Visual Studio Code versions antérieures à 1.97.1
Microsoft	N/A	Microsoft Surface Pro 7+
Microsoft	N/A	Surface Laptop 4 with AMD Processor
Microsoft	N/A	Microsoft Surface Pro 9 ARM
Microsoft	N/A	Microsoft AutoUpdate pour Mac versions antérieures à 4.77.24121924
Microsoft	N/A	CBL Mariner 2.0 x64 versions antérieures à 18.17.1-2
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (inclus 16.0 - 16.10) antérieures à 16.11.44
Microsoft	N/A	Microsoft Surface Hub 3
Microsoft	N/A	Microsoft Surface Go 2
Microsoft	N/A	Microsoft Surface Hub
Microsoft	N/A	Visual Studio Code - JS Debug Extension versions antérieures à 1.97.1
Microsoft	N/A	Microsoft HPC Pack 2016 versions antérieures à 2016.3
Microsoft	N/A	Microsoft Surface Go 3
Microsoft	N/A	Microsoft Surface Hub 2S
Microsoft	N/A	Microsoft PC Manager versions antérieures à 3.15.4.0
Microsoft	N/A	Microsoft Surface Pro 8
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.17928.20396
Microsoft	N/A	Surface Windows Dev Kit
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.8 antérieures à 17.8.18
Microsoft	N/A	Microsoft HPC Pack 2019 versions antérieures à 6.3.8328.0
Microsoft	N/A	Microsoft Surface Laptop Go
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (inclus 15.0 - 15.8) antérieures à 15.9.70
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.12 antérieures à 17.12.5
Microsoft	N/A	Microsoft SharePoint Server 2019 versions antérieures à 16.0.10416.20050
Microsoft	N/A	Microsoft Surface Laptop Go 2
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.10 antérieures à 17.10.11
Microsoft	N/A	CBL Mariner 2.0 ARM versions antérieures à 18.17.1-2

References

Title

Publication Time

ghsa-wq6m-8j35-4r2x

Vulnerability from github

Published

2025-02-11 18:31

Modified

2025-02-11 18:31

Severity ?

7.1 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Microsoft Surface Security Feature Bypass Vulnerability

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-21194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-11T18:15:30Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Surface Security Feature Bypass Vulnerability",
  "id": "GHSA-wq6m-8j35-4r2x",
  "modified": "2025-02-11T18:31:36Z",
  "published": "2025-02-11T18:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21194"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21194"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

msrc_cve-2025-21194

Vulnerability from csaf_microsoft

Published

2025-02-11 08:00

Modified

2025-02-11 08:00

Summary

Microsoft Surface Security Feature Bypass Vulnerability

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action

Required. The vulnerability documented by this CVE requires customer action to resolve.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Francisco Falc\u00f3n and Iv\u00e1n Arce of \u003ca href=\"https://www.quarkslab.com/\"\u003eQuarkslab\u003c/a\u003e"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-21194 Microsoft Surface Security Feature Bypass Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21194"
      },
      {
        "category": "self",
        "summary": "CVE-2025-21194 Microsoft Surface Security Feature Bypass Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-21194.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Surface Security Feature Bypass Vulnerability",
    "tracking": {
      "current_release_date": "2025-02-11T08:00:00.000Z",
      "generator": {
        "date": "2025-03-19T17:45:57.585Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-21194",
      "initial_release_date": "2025-02-11T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-02-11T08:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-21194",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token.",
          "title": "According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.",
          "title": "According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "This Hypervisor vulnerability relates to Virtual Machines within a Unified Extensible Firmware Interface (UEFI) host machine. On some specific hardware it might be possible to bypass the UEFI, which could lead to the compromise of the hypervisor and the secure kernel.",
          "title": "What kind of security feature could be bypassed by successfully exploiting this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Successful exploitation of this vulnerability by an attacker requires a user to first reboot their machine.",
          "title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
        },
        {
          "category": "faq",
          "text": "Surface devices get updates through Windows Update. See Surface update history for more information.\nIf you wish to install the updates manually, you can do the following:\nIn the Surface app, expand Help \u0026amp; support to check the update status.\nIf there are updates available, select the Check for updates button to open Windows Update and install the available updates.",
          "title": "What actions do customers need to perform to be protected against this vulnerability?"
        }
      ],
      "product_status": {
        "fixed": [
          "11739",
          "12482",
          "12483",
          "12484",
          "12485",
          "12486",
          "12487",
          "12488",
          "12489",
          "12490",
          "12491",
          "12492",
          "12494",
          "12495",
          "12496"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-21194 Microsoft Surface Security Feature Bypass Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21194"
        },
        {
          "category": "self",
          "summary": "CVE-2025-21194 Microsoft Surface Security Feature Bypass Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2025/msrc_cve-2025-21194.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.2,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Security Feature Bypass"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Microsoft Surface Security Feature Bypass Vulnerability"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-21194 (GCVE-0-2025-21194)

Vulnerability from cvelistv5

fkie_cve-2025-21194

Vulnerability from fkie_nvd

CERTFR-2025-AVI-0118

Vulnerability from certfr_avis

Solutions

ghsa-wq6m-8j35-4r2x

Vulnerability from github

msrc_cve-2025-21194

Vulnerability from csaf_microsoft

Tags

Sightings

Nomenclature