CVE-2025-47160 | THREATINT

Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

PUBLISHED Reserved 2025-05-01 | Published 2025-06-10 | Updated 2026-02-20 | Assigner microsoft

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C

Problem types

CWE-693: Protection Mechanism Failure

Product status

10.0.10240.0 (custom) before 10.0.10240.21034

affected

10.0.14393.0 (custom) before 10.0.14393.8148

affected

10.0.17763.0 (custom) before 10.0.17763.7434

affected

10.0.19044.0 (custom) before 10.0.19044.5965

affected

10.0.19045.0 (custom) before 10.0.19045.5965

affected

10.0.22621.0 (custom) before 10.0.22621.5472

affected

10.0.22631.0 (custom) before 10.0.22631.5472

affected

10.0.22631.0 (custom) before 10.0.22631.5472

affected

10.0.26100.0 (custom) before 10.0.26100.4349

affected

6.2.9200.0 (custom) before 6.2.9200.25522

affected

6.2.9200.0 (custom) before 6.2.9200.25522

affected

6.3.9600.0 (custom) before 6.3.9600.22620

affected

6.3.9600.0 (custom) before 6.3.9600.22620

affected

10.0.14393.0 (custom) before 10.0.14393.8148

affected

10.0.14393.0 (custom) before 10.0.14393.8148

affected

10.0.17763.0 (custom) before 10.0.17763.7434

affected

10.0.17763.0 (custom) before 10.0.17763.7434

affected

10.0.20348.0 (custom) before 10.0.20348.3807

affected

10.0.25398.0 (custom) before 10.0.25398.1665

affected

10.0.26100.0 (custom) before 10.0.26100.4349

affected

10.0.26100.0 (custom) before 10.0.26100.4349

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47160 (Windows Shortcut Files Security Feature Bypass Vulnerability) vendor-advisory patch

cve.org (CVE-2025-47160)

nvd.nist.gov (CVE-2025-47160)

Download JSON