CVE-2025-21194

Microsoft Surface Security Feature Bypass Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoftCNA
7.1 HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
microsoftsurface_hub_2s_firmware
-
microsoftsurface_pro_8_for_business_1983_firmware
-
microsoftsurface_laptop_go_firmware
-
microsoftsurface_laptop_go_2_firmware
-
microsoftsurface_hub_3_50_firmware
-
microsoftsurface_hub_2s_firmware
-
microsoftsurface_pro_7\+_firmware
-
microsoftsurface_laptop_go_3_firmware
-
microsoftsurface_go_3_firmware
-
microsoftsurface_laptop_go_2_firmware
-
microsoftsurface_pro_9_with_5g_1997_firmware
-
microsoftsurface_pro_9_with_5g_1996_firmware
-
microsoftsurface_laptop_3_1867_firmware
-
microsoftsurface_laptop_3_1872_firmware
-
microsoftsurface_laptop_4_1958_firmware
-
microsoftsurface_laptop_4_1950_firmware
-
microsoftsurface_laptop_4_1952_firmware
-
microsoftsurface_laptop_4_1978_firmware
-
microsoftwindows_dev_kit_firmware
-
microsoftsurface_hub_2s_85_firmware
-
microsoftsurface_hub_3_50_firmware
-
microsoftsurface_hub_3_85_firmware
-
microsoftsurface_pro_8_1983_firmware
-
microsoftsurface_pro_8_for_business_with_lte_advanced_1982_firmware
-
microsoftsurface_hub_3_85_firmware
-
microsoftsurface_hub_2s_85_firmware
-
microsoftsurface_go_3_1926_firmware
-
microsoftsurface_go_3_1901_firmware
-
microsoftsurface_go_3_2022_firmware
-
microsoftsurface_go_2_1926_firmware
-
microsoftsurface_go_2_1901_firmware
-
microsoftsurface_go_2_1927_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21194