CVE-2025-47956

EUVD-2025-17763
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
microsoftCNA
5.5 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_security_app
𝑥
< 1000.27840.0.1000
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47956