CVE-2025-53769

External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
microsoftCNA
5.5 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
microsoftwindows_security_app
𝑥
< 1000.27840.0.1000
𝑥
= Vulnerable software versions
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53769