fkie_cve-2025-55229
Vulnerability from fkie_nvd
Published
2025-08-21 20:15
Modified
2025-08-25 18:37
Severity ?
Summary
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55229 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", "matchCriteriaId": "50B78D20-D235-489A-B787-5F0C46FA5815", "versionEndExcluding": "10.0.10240.21122", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", "matchCriteriaId": "A48FE80A-493F-4D17-8D4E-8DA6B1127CF5", "versionEndIncluding": "10.0.10240.21122", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", "matchCriteriaId": "86A2D06A-DAC0-4FB7-9EEC-47D975CCE623", "versionEndExcluding": "10.0.14393.8416", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", "matchCriteriaId": "18CC0F43-82F6-499C-8777-3F58D4DFEF7E", "versionEndExcluding": "10.0.14393.8416", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "matchCriteriaId": "4AB6A8AE-01B8-459A-9A33-81AC6FFEC096", "versionEndExcluding": "10.0.17763.7783", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "matchCriteriaId": "F84CF8A6-2AF7-4BE4-A263-B3555E996353", "versionEndExcluding": "10.0.17763.7783", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7183024-C612-4148-A203-88BAEE246174", "versionEndExcluding": "10.0.19044.6321", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDD81805-C6B3-410B-94E9-C5FD91257E8D", "versionEndExcluding": "10.0.19045.6321", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "F255491D-0AC4-49A9-B42C-0F9597E30DCB", "versionEndExcluding": "10.0.22621.5900", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "68D22A00-A2D8-4EAD-9335-D9B11EB60203", "versionEndIncluding": "10.0.22631.5900", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C4CDE8F-44C1-4CCF-8370-CA6AB87E5CD9", "versionEndExcluding": "10.0.26100.6563", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C2CED8A-2DBF-451A-9707-97780F86E49C", "versionEndExcluding": "10.0.14393.8416", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA02E28D-6C08-4ABE-9492-7C69FF3EFC5A", "versionEndExcluding": "10.0.17763.7783", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A04735E-F5B1-47C5-A4DD-2F7588B9F625", "versionEndExcluding": "10.0.20348.4161", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A13451E-5C7D-4C72-8E2C-CEDAA83EADBE", "versionEndExcluding": "10.0.25398.1840", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "matchCriteriaId": "35EC11BF-095A-4304-880C-994F001F1D6C", "versionEndExcluding": "10.0.26100.6563", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network." }, { "lang": "es", "value": "La verificaci\u00f3n incorrecta de la firma criptogr\u00e1fica en los certificados de Windows permite que un atacante no autorizado realice suplantaci\u00f3n de identidad a trav\u00e9s de una red." } ], "id": "CVE-2025-55229", "lastModified": "2025-08-25T18:37:07.210", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secure@microsoft.com", "type": "Secondary" } ] }, "published": "2025-08-21T20:15:47.070", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55229" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "secure@microsoft.com", "type": "Secondary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…