CVE-2025-27735 | THREATINT

Description

Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.

Reserved 2025-03-06 | Published 2025-04-08 | Updated 2025-05-30 | Assigner microsoft

MEDIUM: 6.0CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Problem types

CWE-345: Insufficient Verification of Data Authenticity

Product status

10.0.17763.0 before 10.0.17763.7136

affected

10.0.17763.0 before 10.0.17763.7136

affected

10.0.17763.0 before 10.0.17763.7136

affected

10.0.20348.0 before 10.0.20348.3453

affected

10.0.19044.0 before 10.0.19044.5737

affected

10.0.22621.0 before 10.0.22621.5189

affected

10.0.19045.0 before 10.0.19045.5737

affected

10.0.26100.0 before 10.0.26100.3775

affected

10.0.22631.0 before 10.0.22631.5189

affected

10.0.22631.0 before 10.0.22631.5189

affected

10.0.25398.0 before 10.0.25398.1551

affected

10.0.26100.0 before 10.0.26100.3775

affected

10.0.26100.0 before 10.0.26100.3775

affected

10.0.10240.0 before 10.0.10240.20978

affected

10.0.14393.0 before 10.0.14393.7969

affected

10.0.14393.0 before 10.0.14393.7969

affected

10.0.14393.0 before 10.0.14393.7969

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27735 (Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability) vendor-advisory

cve.org (CVE-2025-27735)

nvd.nist.gov (CVE-2025-27735)

Download JSON