CVE-2025-27488 | THREATINT

Description

Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.

PUBLISHED Reserved 2025-02-26 | Published 2025-05-13 | Updated 2026-02-13 | Assigner microsoft

MEDIUM: 6.7CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-798: Use of Hard-coded Credentials

Product status

1.0.0 (custom) before 10.1.19041.5609

affected

1.0.0 (custom) before 10.1.19041.5609

affected

1.0.0 (custom) before 10.1.19041.5609

affected

1.0.0 (custom) before 10.1.19041.5609

affected

1.0.0 (custom) before 10.1.22621.5040

affected

1.0.0 (custom) before 10.1.26100.3478

affected

1.0.0 (custom) before 10.1.19041.5609

affected

1.0.0 (custom) before 10.1.17763.7010

affected

1.0.0 (custom) before 10.1.20348.3330

affected

1.0.0 (custom) before 10.1.26100.3478

affected

1.0.0 (custom) before 10.1.17763.7010

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27488 (Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability) vendor-advisory patch

cve.org (CVE-2025-27488)

nvd.nist.gov (CVE-2025-27488)

Download JSON

help @ threatint.eu